SDK for PHP 3.x
Amazon Inspector 2016-02-16
- Client: Aws\Inspector\InspectorClient
- Service ID: inspector
- Version: 2016-02-16
This page describes the parameters and results for the operations of the Amazon Inspector (2016-02-16), and shows how to use the Aws\Inspector\InspectorClient object to call the described operations. This documentation is specific to the 2016-02-16 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AddAttributesToFindings ( array $params = [] )
- Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings.
- CreateAssessmentTarget ( array $params = [] )
- Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup.
- CreateAssessmentTemplate ( array $params = [] )
- Creates an assessment template for the assessment target that is specified by the ARN of the assessment target.
- CreateExclusionsPreview ( array $params = [] )
- Starts the generation of an exclusions preview for the specified assessment template.
- CreateResourceGroup ( array $params = [] )
- Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target.
- DeleteAssessmentRun ( array $params = [] )
- Deletes the assessment run that is specified by the ARN of the assessment run.
- DeleteAssessmentTarget ( array $params = [] )
- Deletes the assessment target that is specified by the ARN of the assessment target.
- DeleteAssessmentTemplate ( array $params = [] )
- Deletes the assessment template that is specified by the ARN of the assessment template.
- DescribeAssessmentRuns ( array $params = [] )
- Describes the assessment runs that are specified by the ARNs of the assessment runs.
- DescribeAssessmentTargets ( array $params = [] )
- Describes the assessment targets that are specified by the ARNs of the assessment targets.
- DescribeAssessmentTemplates ( array $params = [] )
- Describes the assessment templates that are specified by the ARNs of the assessment templates.
- DescribeCrossAccountAccessRole ( array $params = [] )
- Describes the IAM role that enables Amazon Inspector to access your AWS account.
- DescribeExclusions ( array $params = [] )
- Describes the exclusions that are specified by the exclusions' ARNs.
- DescribeFindings ( array $params = [] )
- Describes the findings that are specified by the ARNs of the findings.
- DescribeResourceGroups ( array $params = [] )
- Describes the resource groups that are specified by the ARNs of the resource groups.
- DescribeRulesPackages ( array $params = [] )
- Describes the rules packages that are specified by the ARNs of the rules packages.
- GetAssessmentReport ( array $params = [] )
- Produces an assessment report that includes detailed and comprehensive results of a specified assessment run.
- GetExclusionsPreview ( array $params = [] )
- Retrieves the exclusions preview (a list of ExclusionPreview objects) specified by the preview token.
- GetTelemetryMetadata ( array $params = [] )
- Information about the data that is collected for the specified assessment run.
- ListAssessmentRunAgents ( array $params = [] )
- Lists the agents of the assessment runs that are specified by the ARNs of the assessment runs.
- ListAssessmentRuns ( array $params = [] )
- Lists the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates.
- ListAssessmentTargets ( array $params = [] )
- Lists the ARNs of the assessment targets within this AWS account.
- ListAssessmentTemplates ( array $params = [] )
- Lists the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets.
- ListEventSubscriptions ( array $params = [] )
- Lists all the event subscriptions for the assessment template that is specified by the ARN of the assessment template.
- ListExclusions ( array $params = [] )
- List exclusions that are generated by the assessment run.
- ListFindings ( array $params = [] )
- Lists findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs.
- ListRulesPackages ( array $params = [] )
- Lists all available Amazon Inspector rules packages.
- ListTagsForResource ( array $params = [] )
- Lists all tags associated with an assessment template.
- PreviewAgents ( array $params = [] )
- Previews the agents installed on the EC2 instances that are part of the specified assessment target.
- RegisterCrossAccountAccessRole ( array $params = [] )
- Registers the IAM role that grants Amazon Inspector access to AWS Services needed to perform security assessments.
- RemoveAttributesFromFindings ( array $params = [] )
- Removes entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists.
- SetTagsForResource ( array $params = [] )
- Sets tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template.
- StartAssessmentRun ( array $params = [] )
- Starts the assessment run specified by the ARN of the assessment template.
- StopAssessmentRun ( array $params = [] )
- Stops the assessment run that is specified by the ARN of the assessment run.
- SubscribeToEvent ( array $params = [] )
- Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic.
- UnsubscribeFromEvent ( array $params = [] )
- Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic.
- UpdateAssessmentTarget ( array $params = [] )
- Updates the assessment target that is specified by the ARN of the assessment target.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- GetExclusionsPreview
- ListAssessmentRunAgents
- ListAssessmentRuns
- ListAssessmentTargets
- ListAssessmentTemplates
- ListEventSubscriptions
- ListExclusions
- ListFindings
- ListRulesPackages
- PreviewAgents
Operations
AddAttributesToFindings
$result = $client->addAttributesToFindings([/* ... */]); $promise = $client->addAttributesToFindingsAsync([/* ... */]);
Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings.
Parameter Syntax
$result = $client->addAttributesToFindings([
'attributes' => [ // REQUIRED
[
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'findingArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- attributes
-
- Required: Yes
- Type: Array of Attribute structures
The array of attributes that you want to assign to specified findings.
- findingArns
-
- Required: Yes
- Type: Array of strings
The ARNs that specify the findings that you want to assign attributes to.
Result Syntax
[
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
]
Result Details
Members
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Attribute details that cannot be described. An error code is provided for each failed item.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Add attributes to findings
Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings.
$result = $client->addAttributesToFindings([
'attributes' => [
[
'key' => 'Example',
'value' => 'example',
],
],
'findingArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU',
],
]);
Result syntax:
[
'failedItems' => [
],
]
CreateAssessmentTarget
$result = $client->createAssessmentTarget([/* ... */]); $promise = $client->createAssessmentTargetAsync([/* ... */]);
Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup. If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector access to AWS Services needed to perform security assessments. You can create up to 50 assessment targets per AWS account. You can run up to 500 concurrent agents per AWS account. For more information, see Amazon Inspector Assessment Targets.
Parameter Syntax
$result = $client->createAssessmentTarget([
'assessmentTargetName' => '<string>', // REQUIRED
'resourceGroupArn' => '<string>',
]);
Parameter Details
Members
- assessmentTargetName
-
- Required: Yes
- Type: string
The user-defined name that identifies the assessment target that you want to create. The name must be unique within the AWS account.
- resourceGroupArn
-
- Type: string
The ARN that specifies the resource group that is used to create the assessment target. If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target.
Result Syntax
[
'assessmentTargetArn' => '<string>',
]
Result Details
Members
- assessmentTargetArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment target that is created.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- InvalidCrossAccountRoleException:
Amazon Inspector cannot assume the cross-account role that it needs to list your EC2 instances during the assessment run.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Create assessment target
Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup. You can create up to 50 assessment targets per AWS account. You can run up to 500 concurrent agents per AWS account.
$result = $client->createAssessmentTarget([
'assessmentTargetName' => 'ExampleAssessmentTarget',
'resourceGroupArn' => 'arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-AB6DMKnv',
]);
Result syntax:
[
'assessmentTargetArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX',
]
CreateAssessmentTemplate
$result = $client->createAssessmentTemplate([/* ... */]); $promise = $client->createAssessmentTemplateAsync([/* ... */]);
Creates an assessment template for the assessment target that is specified by the ARN of the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector access to AWS Services needed to perform security assessments.
Parameter Syntax
$result = $client->createAssessmentTemplate([
'assessmentTargetArn' => '<string>', // REQUIRED
'assessmentTemplateName' => '<string>', // REQUIRED
'durationInSeconds' => <integer>, // REQUIRED
'rulesPackageArns' => ['<string>', ...], // REQUIRED
'userAttributesForFindings' => [
[
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
]);
Parameter Details
Members
- assessmentTargetArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment target for which you want to create the assessment template.
- assessmentTemplateName
-
- Required: Yes
- Type: string
The user-defined name that identifies the assessment template that you want to create. You can create several assessment templates for an assessment target. The names of the assessment templates that correspond to a particular assessment target must be unique.
- durationInSeconds
-
- Required: Yes
- Type: int
The duration of the assessment run in seconds.
- rulesPackageArns
-
- Required: Yes
- Type: Array of strings
The ARNs that specify the rules packages that you want to attach to the assessment template.
- userAttributesForFindings
-
- Type: Array of Attribute structures
The user-defined attributes that are assigned to every finding that is generated by the assessment run that uses this assessment template. An attribute is a key and value pair (an Attribute object). Within an assessment template, each key must be unique.
Result Syntax
[
'assessmentTemplateArn' => '<string>',
]
Result Details
Members
- assessmentTemplateArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment template that is created.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Create assessment template
Creates an assessment template for the assessment target that is specified by the ARN of the assessment target.
$result = $client->createAssessmentTemplate([
'assessmentTargetArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX',
'assessmentTemplateName' => 'ExampleAssessmentTemplate',
'durationInSeconds' => 180,
'rulesPackageArns' => [
'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-11B9DBXp',
],
'userAttributesForFindings' => [
[
'key' => 'Example',
'value' => 'example',
],
],
]);
Result syntax:
[
'assessmentTemplateArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T',
]
CreateExclusionsPreview
$result = $client->createExclusionsPreview([/* ... */]); $promise = $client->createExclusionsPreviewAsync([/* ... */]);
Starts the generation of an exclusions preview for the specified assessment template. The exclusions preview lists the potential exclusions (ExclusionPreview) that Inspector can detect before it runs the assessment.
Parameter Syntax
$result = $client->createExclusionsPreview([
'assessmentTemplateArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentTemplateArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment template for which you want to create an exclusions preview.
Result Syntax
[
'previewToken' => '<string>',
]
Result Details
Members
- previewToken
-
- Required: Yes
- Type: string
Specifies the unique identifier of the requested exclusions preview. You can use the unique identifier to retrieve the exclusions preview when running the GetExclusionsPreview API.
Errors
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- PreviewGenerationInProgressException:
The request is rejected. The specified assessment template is currently generating an exclusions preview.
- InternalException:
Internal server error.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
CreateResourceGroup
$result = $client->createResourceGroup([/* ... */]); $promise = $client->createResourceGroupAsync([/* ... */]);
Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target. The created resource group is then used to create an Amazon Inspector assessment target. For more information, see CreateAssessmentTarget.
Parameter Syntax
$result = $client->createResourceGroup([
'resourceGroupTags' => [ // REQUIRED
[
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
]);
Parameter Details
Members
- resourceGroupTags
-
- Required: Yes
- Type: Array of ResourceGroupTag structures
A collection of keys and an array of possible values, '[{"key":"key1","values":["Value1","Value2"]},{"key":"Key2","values":["Value3"]}]'.
For example,'[{"key":"Name","values":["TestEC2Instance"]}]'.
Result Syntax
[
'resourceGroupArn' => '<string>',
]
Result Details
Members
- resourceGroupArn
-
- Required: Yes
- Type: string
The ARN that specifies the resource group that is created.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Create resource group
Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target. The created resource group is then used to create an Amazon Inspector assessment target.
$result = $client->createResourceGroup([
'resourceGroupTags' => [
[
'key' => 'Name',
'value' => 'example',
],
],
]);
Result syntax:
[
'resourceGroupArn' => 'arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-AB6DMKnv',
]
DeleteAssessmentRun
$result = $client->deleteAssessmentRun([/* ... */]); $promise = $client->deleteAssessmentRunAsync([/* ... */]);
Deletes the assessment run that is specified by the ARN of the assessment run.
Parameter Syntax
$result = $client->deleteAssessmentRun([
'assessmentRunArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment run that you want to delete.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AssessmentRunInProgressException:
You cannot perform a specified action if an assessment run is currently in progress.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Delete assessment run
Deletes the assessment run that is specified by the ARN of the assessment run.
$result = $client->deleteAssessmentRun([
'assessmentRunArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-11LMTAVe',
]);
DeleteAssessmentTarget
$result = $client->deleteAssessmentTarget([/* ... */]); $promise = $client->deleteAssessmentTargetAsync([/* ... */]);
Deletes the assessment target that is specified by the ARN of the assessment target.
Parameter Syntax
$result = $client->deleteAssessmentTarget([
'assessmentTargetArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentTargetArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment target that you want to delete.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AssessmentRunInProgressException:
You cannot perform a specified action if an assessment run is currently in progress.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Delete assessment target
Deletes the assessment target that is specified by the ARN of the assessment target.
$result = $client->deleteAssessmentTarget([
'assessmentTargetArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq',
]);
DeleteAssessmentTemplate
$result = $client->deleteAssessmentTemplate([/* ... */]); $promise = $client->deleteAssessmentTemplateAsync([/* ... */]);
Deletes the assessment template that is specified by the ARN of the assessment template.
Parameter Syntax
$result = $client->deleteAssessmentTemplate([
'assessmentTemplateArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentTemplateArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment template that you want to delete.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AssessmentRunInProgressException:
You cannot perform a specified action if an assessment run is currently in progress.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Delete assessment template
Deletes the assessment template that is specified by the ARN of the assessment template.
$result = $client->deleteAssessmentTemplate([
'assessmentTemplateArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T',
]);
DescribeAssessmentRuns
$result = $client->describeAssessmentRuns([/* ... */]); $promise = $client->describeAssessmentRunsAsync([/* ... */]);
Describes the assessment runs that are specified by the ARNs of the assessment runs.
Parameter Syntax
$result = $client->describeAssessmentRuns([
'assessmentRunArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- assessmentRunArns
-
- Required: Yes
- Type: Array of strings
The ARN that specifies the assessment run that you want to describe.
Result Syntax
[
'assessmentRuns' => [
[
'arn' => '<string>',
'assessmentTemplateArn' => '<string>',
'completedAt' => <DateTime>,
'createdAt' => <DateTime>,
'dataCollected' => true || false,
'durationInSeconds' => <integer>,
'findingCounts' => [<integer>, ...],
'name' => '<string>',
'notifications' => [
[
'date' => <DateTime>,
'error' => true || false,
'event' => 'ASSESSMENT_RUN_STARTED|ASSESSMENT_RUN_COMPLETED|ASSESSMENT_RUN_STATE_CHANGED|FINDING_REPORTED|OTHER',
'message' => '<string>',
'snsPublishStatusCode' => 'SUCCESS|TOPIC_DOES_NOT_EXIST|ACCESS_DENIED|INTERNAL_ERROR',
'snsTopicArn' => '<string>',
],
// ...
],
'rulesPackageArns' => ['<string>', ...],
'startedAt' => <DateTime>,
'state' => 'CREATED|START_DATA_COLLECTION_PENDING|START_DATA_COLLECTION_IN_PROGRESS|COLLECTING_DATA|STOP_DATA_COLLECTION_PENDING|DATA_COLLECTED|START_EVALUATING_RULES_PENDING|EVALUATING_RULES|FAILED|ERROR|COMPLETED|COMPLETED_WITH_ERRORS|CANCELED',
'stateChangedAt' => <DateTime>,
'stateChanges' => [
[
'state' => 'CREATED|START_DATA_COLLECTION_PENDING|START_DATA_COLLECTION_IN_PROGRESS|COLLECTING_DATA|STOP_DATA_COLLECTION_PENDING|DATA_COLLECTED|START_EVALUATING_RULES_PENDING|EVALUATING_RULES|FAILED|ERROR|COMPLETED|COMPLETED_WITH_ERRORS|CANCELED',
'stateChangedAt' => <DateTime>,
],
// ...
],
'userAttributesForFindings' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
// ...
],
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
]
Result Details
Members
- assessmentRuns
-
- Required: Yes
- Type: Array of AssessmentRun structures
Information about the assessment run.
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Assessment run details that cannot be described. An error code is provided for each failed item.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
Examples
Example 1: Describte assessment runs
Describes the assessment runs that are specified by the ARNs of the assessment runs.
$result = $client->describeAssessmentRuns([
'assessmentRunArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE',
],
]);
Result syntax:
[
'assessmentRuns' => [
[
'name' => 'Run 1 for ExampleAssessmentTemplate',
'arn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE',
'assessmentTemplateArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw',
'completedAt' => ,
'createdAt' => ,
'dataCollected' => 1,
'durationInSeconds' => 3600,
'findingCounts' => [
'High' => 14,
'Informational' => 0,
'Low' => 0,
'Medium' => 2,
'Undefined' => 0,
],
'notifications' => [
],
'rulesPackageArns' => [
'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP',
],
'startedAt' => ,
'state' => 'COMPLETED',
'stateChangedAt' => ,
'stateChanges' => [
[
'state' => 'CREATED',
'stateChangedAt' => ,
],
[
'state' => 'START_DATA_COLLECTION_PENDING',
'stateChangedAt' => ,
],
[
'state' => 'START_DATA_COLLECTION_IN_PROGRESS',
'stateChangedAt' => ,
],
[
'state' => 'COLLECTING_DATA',
'stateChangedAt' => ,
],
[
'state' => 'STOP_DATA_COLLECTION_PENDING',
'stateChangedAt' => ,
],
[
'state' => 'DATA_COLLECTED',
'stateChangedAt' => ,
],
[
'state' => 'EVALUATING_RULES',
'stateChangedAt' => ,
],
[
'state' => 'COMPLETED',
'stateChangedAt' => ,
],
],
'userAttributesForFindings' => [
],
],
],
'failedItems' => [
],
]
DescribeAssessmentTargets
$result = $client->describeAssessmentTargets([/* ... */]); $promise = $client->describeAssessmentTargetsAsync([/* ... */]);
Describes the assessment targets that are specified by the ARNs of the assessment targets.
Parameter Syntax
$result = $client->describeAssessmentTargets([
'assessmentTargetArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- assessmentTargetArns
-
- Required: Yes
- Type: Array of strings
The ARNs that specifies the assessment targets that you want to describe.
Result Syntax
[
'assessmentTargets' => [
[
'arn' => '<string>',
'createdAt' => <DateTime>,
'name' => '<string>',
'resourceGroupArn' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
]
Result Details
Members
- assessmentTargets
-
- Required: Yes
- Type: Array of AssessmentTarget structures
Information about the assessment targets.
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Assessment target details that cannot be described. An error code is provided for each failed item.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
Examples
Example 1: Describte assessment targets
Describes the assessment targets that are specified by the ARNs of the assessment targets.
$result = $client->describeAssessmentTargets([
'assessmentTargetArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq',
],
]);
Result syntax:
[
'assessmentTargets' => [
[
'name' => 'ExampleAssessmentTarget',
'arn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq',
'createdAt' => ,
'resourceGroupArn' => 'arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI',
'updatedAt' => ,
],
],
'failedItems' => [
],
]
DescribeAssessmentTemplates
$result = $client->describeAssessmentTemplates([/* ... */]); $promise = $client->describeAssessmentTemplatesAsync([/* ... */]);
Describes the assessment templates that are specified by the ARNs of the assessment templates.
Parameter Syntax
$result = $client->describeAssessmentTemplates([
'assessmentTemplateArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- assessmentTemplateArns
-
- Required: Yes
- Type: Array of strings
Result Syntax
[
'assessmentTemplates' => [
[
'arn' => '<string>',
'assessmentRunCount' => <integer>,
'assessmentTargetArn' => '<string>',
'createdAt' => <DateTime>,
'durationInSeconds' => <integer>,
'lastAssessmentRunArn' => '<string>',
'name' => '<string>',
'rulesPackageArns' => ['<string>', ...],
'userAttributesForFindings' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
// ...
],
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
]
Result Details
Members
- assessmentTemplates
-
- Required: Yes
- Type: Array of AssessmentTemplate structures
Information about the assessment templates.
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Assessment template details that cannot be described. An error code is provided for each failed item.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
Examples
Example 1: Describte assessment templates
Describes the assessment templates that are specified by the ARNs of the assessment templates.
$result = $client->describeAssessmentTemplates([
'assessmentTemplateArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw',
],
]);
Result syntax:
[
'assessmentTemplates' => [
[
'name' => 'ExampleAssessmentTemplate',
'arn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw',
'assessmentRunCount' => 0,
'assessmentTargetArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq',
'createdAt' => ,
'durationInSeconds' => 3600,
'rulesPackageArns' => [
'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP',
],
'userAttributesForFindings' => [
],
],
],
'failedItems' => [
],
]
DescribeCrossAccountAccessRole
$result = $client->describeCrossAccountAccessRole([/* ... */]); $promise = $client->describeCrossAccountAccessRoleAsync([/* ... */]);
Describes the IAM role that enables Amazon Inspector to access your AWS account.
Parameter Syntax
$result = $client->describeCrossAccountAccessRole([ ]);
Parameter Details
Members
Result Syntax
[
'registeredAt' => <DateTime>,
'roleArn' => '<string>',
'valid' => true || false,
]
Result Details
Members
- registeredAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the cross-account access role was registered.
- roleArn
-
- Required: Yes
- Type: string
The ARN that specifies the IAM role that Amazon Inspector uses to access your AWS account.
- valid
-
- Required: Yes
- Type: boolean
A Boolean value that specifies whether the IAM role has the necessary policies attached to enable Amazon Inspector to access your AWS account.
Errors
- InternalException:
Internal server error.
Examples
Example 1: Describte cross account access role
Describes the IAM role that enables Amazon Inspector to access your AWS account.
$result = $client->describeCrossAccountAccessRole([ ]);
Result syntax:
[
'registeredAt' => ,
'roleArn' => 'arn:aws:iam::123456789012:role/inspector',
'valid' => 1,
]
DescribeExclusions
$result = $client->describeExclusions([/* ... */]); $promise = $client->describeExclusionsAsync([/* ... */]);
Describes the exclusions that are specified by the exclusions' ARNs.
Parameter Syntax
$result = $client->describeExclusions([
'exclusionArns' => ['<string>', ...], // REQUIRED
'locale' => 'EN_US',
]);
Parameter Details
Members
- exclusionArns
-
- Required: Yes
- Type: Array of strings
The list of ARNs that specify the exclusions that you want to describe.
- locale
-
- Type: string
The locale into which you want to translate the exclusion's title, description, and recommendation.
Result Syntax
[
'exclusions' => [
'<Arn>' => [
'arn' => '<string>',
'attributes' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'description' => '<string>',
'recommendation' => '<string>',
'scopes' => [
[
'key' => 'INSTANCE_ID|RULES_PACKAGE_ARN',
'value' => '<string>',
],
// ...
],
'title' => '<string>',
],
// ...
],
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
]
Result Details
Members
- exclusions
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to Exclusion structures
Information about the exclusions.
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Exclusion details that cannot be described. An error code is provided for each failed item.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
DescribeFindings
$result = $client->describeFindings([/* ... */]); $promise = $client->describeFindingsAsync([/* ... */]);
Describes the findings that are specified by the ARNs of the findings.
Parameter Syntax
$result = $client->describeFindings([
'findingArns' => ['<string>', ...], // REQUIRED
'locale' => 'EN_US',
]);
Parameter Details
Members
- findingArns
-
- Required: Yes
- Type: Array of strings
The ARN that specifies the finding that you want to describe.
- locale
-
- Type: string
The locale into which you want to translate a finding description, recommendation, and the short description that identifies the finding.
Result Syntax
[
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
'findings' => [
[
'arn' => '<string>',
'assetAttributes' => [
'agentId' => '<string>',
'amiId' => '<string>',
'autoScalingGroup' => '<string>',
'hostname' => '<string>',
'ipv4Addresses' => ['<string>', ...],
'networkInterfaces' => [
[
'ipv6Addresses' => ['<string>', ...],
'networkInterfaceId' => '<string>',
'privateDnsName' => '<string>',
'privateIpAddress' => '<string>',
'privateIpAddresses' => [
[
'privateDnsName' => '<string>',
'privateIpAddress' => '<string>',
],
// ...
],
'publicDnsName' => '<string>',
'publicIp' => '<string>',
'securityGroups' => [
[
'groupId' => '<string>',
'groupName' => '<string>',
],
// ...
],
'subnetId' => '<string>',
'vpcId' => '<string>',
],
// ...
],
'schemaVersion' => <integer>,
'tags' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
'assetType' => 'ec2-instance',
'attributes' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'confidence' => <integer>,
'createdAt' => <DateTime>,
'description' => '<string>',
'id' => '<string>',
'indicatorOfCompromise' => true || false,
'numericSeverity' => <float>,
'recommendation' => '<string>',
'schemaVersion' => <integer>,
'service' => '<string>',
'serviceAttributes' => [
'assessmentRunArn' => '<string>',
'rulesPackageArn' => '<string>',
'schemaVersion' => <integer>,
],
'severity' => 'Low|Medium|High|Informational|Undefined',
'title' => '<string>',
'updatedAt' => <DateTime>,
'userAttributes' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
// ...
],
]
Result Details
Members
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Finding details that cannot be described. An error code is provided for each failed item.
- findings
-
- Required: Yes
- Type: Array of Finding structures
Information about the finding.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
Examples
Example 1: Describe findings
Describes the findings that are specified by the ARNs of the findings.
$result = $client->describeFindings([
'findingArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4',
],
]);
Result syntax:
[
'failedItems' => [
],
'findings' => [
[
'arn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4',
'assetAttributes' => [
'ipv4Addresses' => [
],
'schemaVersion' => 1,
],
'assetType' => 'ec2-instance',
'attributes' => [
],
'confidence' => 10,
'createdAt' => ,
'description' => 'Amazon Inspector did not find any potential security issues during this assessment.',
'indicatorOfCompromise' => ,
'numericSeverity' => 0,
'recommendation' => 'No remediation needed.',
'schemaVersion' => 1,
'service' => 'Inspector',
'serviceAttributes' => [
'assessmentRunArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE',
'rulesPackageArn' => 'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP',
'schemaVersion' => 1,
],
'severity' => 'Informational',
'title' => 'No potential security issues found',
'updatedAt' => ,
'userAttributes' => [
],
],
],
]
DescribeResourceGroups
$result = $client->describeResourceGroups([/* ... */]); $promise = $client->describeResourceGroupsAsync([/* ... */]);
Describes the resource groups that are specified by the ARNs of the resource groups.
Parameter Syntax
$result = $client->describeResourceGroups([
'resourceGroupArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceGroupArns
-
- Required: Yes
- Type: Array of strings
The ARN that specifies the resource group that you want to describe.
Result Syntax
[
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
'resourceGroups' => [
[
'arn' => '<string>',
'createdAt' => <DateTime>,
'tags' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
// ...
],
]
Result Details
Members
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Resource group details that cannot be described. An error code is provided for each failed item.
- resourceGroups
-
- Required: Yes
- Type: Array of ResourceGroup structures
Information about a resource group.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
Examples
Example 1: Describe resource groups
Describes the resource groups that are specified by the ARNs of the resource groups.
$result = $client->describeResourceGroups([
'resourceGroupArns' => [
'arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI',
],
]);
Result syntax:
[
'failedItems' => [
],
'resourceGroups' => [
[
'arn' => 'arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI',
'createdAt' => ,
'tags' => [
[
'key' => 'Name',
'value' => 'example',
],
],
],
],
]
DescribeRulesPackages
$result = $client->describeRulesPackages([/* ... */]); $promise = $client->describeRulesPackagesAsync([/* ... */]);
Describes the rules packages that are specified by the ARNs of the rules packages.
Parameter Syntax
$result = $client->describeRulesPackages([
'locale' => 'EN_US',
'rulesPackageArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- locale
-
- Type: string
The locale that you want to translate a rules package description into.
- rulesPackageArns
-
- Required: Yes
- Type: Array of strings
The ARN that specifies the rules package that you want to describe.
Result Syntax
[
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
'rulesPackages' => [
[
'arn' => '<string>',
'description' => '<string>',
'name' => '<string>',
'provider' => '<string>',
'version' => '<string>',
],
// ...
],
]
Result Details
Members
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Rules package details that cannot be described. An error code is provided for each failed item.
- rulesPackages
-
- Required: Yes
- Type: Array of RulesPackage structures
Information about the rules package.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
Examples
Example 1: Describe rules packages
Describes the rules packages that are specified by the ARNs of the rules packages.
$result = $client->describeRulesPackages([
'rulesPackageArns' => [
'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ',
],
]);
Result syntax:
[
'failedItems' => [
],
'rulesPackages' => [
[
'version' => '1.1',
'name' => 'Security Best Practices',
'arn' => 'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ',
'description' => 'The rules in this package help determine whether your systems are configured securely.',
'provider' => 'Amazon Web Services, Inc.',
],
],
]
GetAssessmentReport
$result = $client->getAssessmentReport([/* ... */]); $promise = $client->getAssessmentReportAsync([/* ... */]);
Produces an assessment report that includes detailed and comprehensive results of a specified assessment run.
Parameter Syntax
$result = $client->getAssessmentReport([
'assessmentRunArn' => '<string>', // REQUIRED
'reportFileFormat' => 'HTML|PDF', // REQUIRED
'reportType' => 'FINDING|FULL', // REQUIRED
]);
Parameter Details
Members
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment run for which you want to generate a report.
- reportFileFormat
-
- Required: Yes
- Type: string
Specifies the file format (html or pdf) of the assessment report that you want to generate.
- reportType
-
- Required: Yes
- Type: string
Specifies the type of the assessment report that you want to generate. There are two types of assessment reports: a finding report and a full report. For more information, see Assessment Reports.
Result Syntax
[
'status' => 'WORK_IN_PROGRESS|FAILED|COMPLETED',
'url' => '<string>',
]
Result Details
Members
- status
-
- Required: Yes
- Type: string
Specifies the status of the request to generate an assessment report.
- url
-
- Type: string
Specifies the URL where you can find the generated assessment report. This parameter is only returned if the report is successfully generated.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- AssessmentRunInProgressException:
You cannot perform a specified action if an assessment run is currently in progress.
- UnsupportedFeatureException:
Used by the GetAssessmentReport API. The request was rejected because you tried to generate a report for an assessment run that existed before reporting was supported in Amazon Inspector. You can only generate reports for assessment runs that took place or will take place after generating reports in Amazon Inspector became available.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
GetExclusionsPreview
$result = $client->getExclusionsPreview([/* ... */]); $promise = $client->getExclusionsPreviewAsync([/* ... */]);
Retrieves the exclusions preview (a list of ExclusionPreview objects) specified by the preview token. You can obtain the preview token by running the CreateExclusionsPreview API.
Parameter Syntax
$result = $client->getExclusionsPreview([
'assessmentTemplateArn' => '<string>', // REQUIRED
'locale' => 'EN_US',
'maxResults' => <integer>,
'nextToken' => '<string>',
'previewToken' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentTemplateArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment template for which the exclusions preview was requested.
- locale
-
- Type: string
The locale into which you want to translate the exclusion's title, description, and recommendation.
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 100. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the GetExclusionsPreviewRequest action. Subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
- previewToken
-
- Required: Yes
- Type: string
The unique identifier associated of the exclusions preview.
Result Syntax
[
'exclusionPreviews' => [
[
'attributes' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'description' => '<string>',
'recommendation' => '<string>',
'scopes' => [
[
'key' => 'INSTANCE_ID|RULES_PACKAGE_ARN',
'value' => '<string>',
],
// ...
],
'title' => '<string>',
],
// ...
],
'nextToken' => '<string>',
'previewStatus' => 'WORK_IN_PROGRESS|COMPLETED',
]
Result Details
Members
- exclusionPreviews
-
- Type: Array of ExclusionPreview structures
Information about the exclusions included in the preview.
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameters is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
- previewStatus
-
- Required: Yes
- Type: string
Specifies the status of the request to generate an exclusions preview.
Errors
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- InternalException:
Internal server error.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
GetTelemetryMetadata
$result = $client->getTelemetryMetadata([/* ... */]); $promise = $client->getTelemetryMetadataAsync([/* ... */]);
Information about the data that is collected for the specified assessment run.
Parameter Syntax
$result = $client->getTelemetryMetadata([
'assessmentRunArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment run that has the telemetry data that you want to obtain.
Result Syntax
[
'telemetryMetadata' => [
[
'count' => <integer>,
'dataSize' => <integer>,
'messageType' => '<string>',
],
// ...
],
]
Result Details
Members
- telemetryMetadata
-
- Required: Yes
- Type: Array of TelemetryMetadata structures
Telemetry details.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
Examples
Example 1: Get telemetry metadata
Information about the data that is collected for the specified assessment run.
$result = $client->getTelemetryMetadata([
'assessmentRunArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE',
]);
Result syntax:
[
'telemetryMetadata' => [
[
'count' => 2,
'dataSize' => 345,
'messageType' => 'InspectorDuplicateProcess',
],
[
'count' => 3,
'dataSize' => 255,
'messageType' => 'InspectorTimeEventMsg',
],
[
'count' => 4,
'dataSize' => 1082,
'messageType' => 'InspectorNetworkInterface',
],
[
'count' => 2,
'dataSize' => 349,
'messageType' => 'InspectorDnsEntry',
],
[
'count' => 11,
'dataSize' => 2514,
'messageType' => 'InspectorDirectoryInfoMsg',
],
[
'count' => 1,
'dataSize' => 179,
'messageType' => 'InspectorTcpV6ListeningPort',
],
[
'count' => 101,
'dataSize' => 10949,
'messageType' => 'InspectorTerminal',
],
[
'count' => 26,
'dataSize' => 5916,
'messageType' => 'InspectorUser',
],
[
'count' => 282,
'dataSize' => 32148,
'messageType' => 'InspectorDynamicallyLoadedCodeModule',
],
[
'count' => 18,
'dataSize' => 10172,
'messageType' => 'InspectorCreateProcess',
],
[
'count' => 3,
'dataSize' => 8001,
'messageType' => 'InspectorProcessPerformance',
],
[
'count' => 1,
'dataSize' => 360,
'messageType' => 'InspectorOperatingSystem',
],
[
'count' => 6,
'dataSize' => 546,
'messageType' => 'InspectorStopProcess',
],
[
'count' => 1,
'dataSize' => 1553,
'messageType' => 'InspectorInstanceMetaData',
],
[
'count' => 2,
'dataSize' => 434,
'messageType' => 'InspectorTcpV4Connection',
],
[
'count' => 474,
'dataSize' => 2960322,
'messageType' => 'InspectorPackageInfo',
],
[
'count' => 3,
'dataSize' => 2235,
'messageType' => 'InspectorSystemPerformance',
],
[
'count' => 105,
'dataSize' => 46048,
'messageType' => 'InspectorCodeModule',
],
[
'count' => 1,
'dataSize' => 182,
'messageType' => 'InspectorUdpV6ListeningPort',
],
[
'count' => 2,
'dataSize' => 371,
'messageType' => 'InspectorUdpV4ListeningPort',
],
[
'count' => 18,
'dataSize' => 8362,
'messageType' => 'InspectorKernelModule',
],
[
'count' => 29,
'dataSize' => 48788,
'messageType' => 'InspectorConfigurationInfo',
],
[
'count' => 1,
'dataSize' => 79,
'messageType' => 'InspectorMonitoringStart',
],
[
'count' => 5,
'dataSize' => 0,
'messageType' => 'InspectorSplitMsgBegin',
],
[
'count' => 51,
'dataSize' => 4593,
'messageType' => 'InspectorGroup',
],
[
'count' => 1,
'dataSize' => 184,
'messageType' => 'InspectorTcpV4ListeningPort',
],
[
'count' => 1159,
'dataSize' => 3146579,
'messageType' => 'Total',
],
[
'count' => 5,
'dataSize' => 0,
'messageType' => 'InspectorSplitMsgEnd',
],
[
'count' => 1,
'dataSize' => 612,
'messageType' => 'InspectorLoadImageInProcess',
],
],
]
ListAssessmentRunAgents
$result = $client->listAssessmentRunAgents([/* ... */]); $promise = $client->listAssessmentRunAgentsAsync([/* ... */]);
Lists the agents of the assessment runs that are specified by the ARNs of the assessment runs.
Parameter Syntax
$result = $client->listAssessmentRunAgents([
'assessmentRunArn' => '<string>', // REQUIRED
'filter' => [
'agentHealthCodes' => ['<string>', ...], // REQUIRED
'agentHealths' => ['<string>', ...], // REQUIRED
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment run whose agents you want to list.
- filter
-
- Type: AgentFilter structure
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 10. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListAssessmentRunAgents action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'assessmentRunAgents' => [
[
'agentHealth' => 'HEALTHY|UNHEALTHY|UNKNOWN',
'agentHealthCode' => 'IDLE|RUNNING|SHUTDOWN|UNHEALTHY|THROTTLED|UNKNOWN',
'agentHealthDetails' => '<string>',
'agentId' => '<string>',
'assessmentRunArn' => '<string>',
'autoScalingGroup' => '<string>',
'telemetryMetadata' => [
[
'count' => <integer>,
'dataSize' => <integer>,
'messageType' => '<string>',
],
// ...
],
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- assessmentRunAgents
-
- Required: Yes
- Type: Array of AssessmentRunAgent structures
A list of ARNs that specifies the agents returned by the action.
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
Examples
Example 1: List assessment run agents
Lists the agents of the assessment runs that are specified by the ARNs of the assessment runs.
$result = $client->listAssessmentRunAgents([
'assessmentRunArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE',
'maxResults' => 123,
]);
Result syntax:
[
'assessmentRunAgents' => [
[
'agentHealth' => 'HEALTHY',
'agentHealthCode' => 'RUNNING',
'agentId' => 'i-49113b93',
'assessmentRunArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE',
'telemetryMetadata' => [
[
'count' => 2,
'dataSize' => 345,
'messageType' => 'InspectorDuplicateProcess',
],
[
'count' => 3,
'dataSize' => 255,
'messageType' => 'InspectorTimeEventMsg',
],
[
'count' => 4,
'dataSize' => 1082,
'messageType' => 'InspectorNetworkInterface',
],
[
'count' => 2,
'dataSize' => 349,
'messageType' => 'InspectorDnsEntry',
],
[
'count' => 11,
'dataSize' => 2514,
'messageType' => 'InspectorDirectoryInfoMsg',
],
[
'count' => 1,
'dataSize' => 179,
'messageType' => 'InspectorTcpV6ListeningPort',
],
[
'count' => 101,
'dataSize' => 10949,
'messageType' => 'InspectorTerminal',
],
[
'count' => 26,
'dataSize' => 5916,
'messageType' => 'InspectorUser',
],
[
'count' => 282,
'dataSize' => 32148,
'messageType' => 'InspectorDynamicallyLoadedCodeModule',
],
[
'count' => 18,
'dataSize' => 10172,
'messageType' => 'InspectorCreateProcess',
],
[
'count' => 3,
'dataSize' => 8001,
'messageType' => 'InspectorProcessPerformance',
],
[
'count' => 1,
'dataSize' => 360,
'messageType' => 'InspectorOperatingSystem',
],
[
'count' => 6,
'dataSize' => 546,
'messageType' => 'InspectorStopProcess',
],
[
'count' => 1,
'dataSize' => 1553,
'messageType' => 'InspectorInstanceMetaData',
],
[
'count' => 2,
'dataSize' => 434,
'messageType' => 'InspectorTcpV4Connection',
],
[
'count' => 474,
'dataSize' => 2960322,
'messageType' => 'InspectorPackageInfo',
],
[
'count' => 3,
'dataSize' => 2235,
'messageType' => 'InspectorSystemPerformance',
],
[
'count' => 105,
'dataSize' => 46048,
'messageType' => 'InspectorCodeModule',
],
[
'count' => 1,
'dataSize' => 182,
'messageType' => 'InspectorUdpV6ListeningPort',
],
[
'count' => 2,
'dataSize' => 371,
'messageType' => 'InspectorUdpV4ListeningPort',
],
[
'count' => 18,
'dataSize' => 8362,
'messageType' => 'InspectorKernelModule',
],
[
'count' => 29,
'dataSize' => 48788,
'messageType' => 'InspectorConfigurationInfo',
],
[
'count' => 1,
'dataSize' => 79,
'messageType' => 'InspectorMonitoringStart',
],
[
'count' => 5,
'dataSize' => 0,
'messageType' => 'InspectorSplitMsgBegin',
],
[
'count' => 51,
'dataSize' => 4593,
'messageType' => 'InspectorGroup',
],
[
'count' => 1,
'dataSize' => 184,
'messageType' => 'InspectorTcpV4ListeningPort',
],
[
'count' => 1159,
'dataSize' => 3146579,
'messageType' => 'Total',
],
[
'count' => 5,
'dataSize' => 0,
'messageType' => 'InspectorSplitMsgEnd',
],
[
'count' => 1,
'dataSize' => 612,
'messageType' => 'InspectorLoadImageInProcess',
],
],
],
],
'nextToken' => '1',
]
ListAssessmentRuns
$result = $client->listAssessmentRuns([/* ... */]); $promise = $client->listAssessmentRunsAsync([/* ... */]);
Lists the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates.
Parameter Syntax
$result = $client->listAssessmentRuns([
'assessmentTemplateArns' => ['<string>', ...],
'filter' => [
'completionTimeRange' => [
'beginDate' => <integer || string || DateTime>,
'endDate' => <integer || string || DateTime>,
],
'durationRange' => [
'maxSeconds' => <integer>,
'minSeconds' => <integer>,
],
'namePattern' => '<string>',
'rulesPackageArns' => ['<string>', ...],
'startTimeRange' => [
'beginDate' => <integer || string || DateTime>,
'endDate' => <integer || string || DateTime>,
],
'stateChangeTimeRange' => [
'beginDate' => <integer || string || DateTime>,
'endDate' => <integer || string || DateTime>,
],
'states' => ['<string>', ...],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentTemplateArns
-
- Type: Array of strings
The ARNs that specify the assessment templates whose assessment runs you want to list.
- filter
-
- Type: AssessmentRunFilter structure
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 10. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListAssessmentRuns action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'assessmentRunArns' => ['<string>', ...],
'nextToken' => '<string>',
]
Result Details
Members
- assessmentRunArns
-
- Required: Yes
- Type: Array of strings
A list of ARNs that specifies the assessment runs that are returned by the action.
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
Examples
Example 1: List assessment runs
Lists the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates.
$result = $client->listAssessmentRuns([
'assessmentTemplateArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw',
],
'maxResults' => 123,
]);
Result syntax:
[
'assessmentRunArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE',
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-v5D6fI3v',
],
'nextToken' => '1',
]
ListAssessmentTargets
$result = $client->listAssessmentTargets([/* ... */]); $promise = $client->listAssessmentTargetsAsync([/* ... */]);
Lists the ARNs of the assessment targets within this AWS account. For more information about assessment targets, see Amazon Inspector Assessment Targets.
Parameter Syntax
$result = $client->listAssessmentTargets([
'filter' => [
'assessmentTargetNamePattern' => '<string>',
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- filter
-
- Type: AssessmentTargetFilter structure
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListAssessmentTargets action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'assessmentTargetArns' => ['<string>', ...],
'nextToken' => '<string>',
]
Result Details
Members
- assessmentTargetArns
-
- Required: Yes
- Type: Array of strings
A list of ARNs that specifies the assessment targets that are returned by the action.
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
Examples
Example 1: List assessment targets
Lists the ARNs of the assessment targets within this AWS account.
$result = $client->listAssessmentTargets([
'maxResults' => 123,
]);
Result syntax:
[
'assessmentTargetArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq',
],
'nextToken' => '1',
]
ListAssessmentTemplates
$result = $client->listAssessmentTemplates([/* ... */]); $promise = $client->listAssessmentTemplatesAsync([/* ... */]);
Lists the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets.
Parameter Syntax
$result = $client->listAssessmentTemplates([
'assessmentTargetArns' => ['<string>', ...],
'filter' => [
'durationRange' => [
'maxSeconds' => <integer>,
'minSeconds' => <integer>,
],
'namePattern' => '<string>',
'rulesPackageArns' => ['<string>', ...],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentTargetArns
-
- Type: Array of strings
A list of ARNs that specifies the assessment targets whose assessment templates you want to list.
- filter
-
- Type: AssessmentTemplateFilter structure
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListAssessmentTemplates action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'assessmentTemplateArns' => ['<string>', ...],
'nextToken' => '<string>',
]
Result Details
Members
- assessmentTemplateArns
-
- Required: Yes
- Type: Array of strings
A list of ARNs that specifies the assessment templates returned by the action.
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
Examples
Example 1: List assessment templates
Lists the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets.
$result = $client->listAssessmentTemplates([
'assessmentTargetArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq',
],
'maxResults' => 123,
]);
Result syntax:
[
'assessmentTemplateArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw',
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-Uza6ihLh',
],
'nextToken' => '1',
]
ListEventSubscriptions
$result = $client->listEventSubscriptions([/* ... */]); $promise = $client->listEventSubscriptionsAsync([/* ... */]);
Lists all the event subscriptions for the assessment template that is specified by the ARN of the assessment template. For more information, see SubscribeToEvent and UnsubscribeFromEvent.
Parameter Syntax
$result = $client->listEventSubscriptions([
'maxResults' => <integer>,
'nextToken' => '<string>',
'resourceArn' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListEventSubscriptions action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
- resourceArn
-
- Type: string
The ARN of the assessment template for which you want to list the existing event subscriptions.
Result Syntax
[
'nextToken' => '<string>',
'subscriptions' => [
[
'eventSubscriptions' => [
[
'event' => 'ASSESSMENT_RUN_STARTED|ASSESSMENT_RUN_COMPLETED|ASSESSMENT_RUN_STATE_CHANGED|FINDING_REPORTED|OTHER',
'subscribedAt' => <DateTime>,
],
// ...
],
'resourceArn' => '<string>',
'topicArn' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
- subscriptions
-
- Required: Yes
- Type: Array of Subscription structures
Details of the returned event subscriptions.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
Examples
Example 1: List event subscriptions
Lists all the event subscriptions for the assessment template that is specified by the ARN of the assessment template.
$result = $client->listEventSubscriptions([
'maxResults' => 123,
'resourceArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0',
]);
Result syntax:
[
'nextToken' => '1',
'subscriptions' => [
[
'eventSubscriptions' => [
[
'event' => 'ASSESSMENT_RUN_COMPLETED',
'subscribedAt' => ,
],
],
'resourceArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0',
'topicArn' => 'arn:aws:sns:us-west-2:123456789012:exampletopic',
],
],
]
ListExclusions
$result = $client->listExclusions([/* ... */]); $promise = $client->listExclusionsAsync([/* ... */]);
List exclusions that are generated by the assessment run.
Parameter Syntax
$result = $client->listExclusions([
'assessmentRunArn' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN of the assessment run that generated the exclusions that you want to list.
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 100. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListExclusionsRequest action. Subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
Result Syntax
[
'exclusionArns' => ['<string>', ...],
'nextToken' => '<string>',
]
Result Details
Members
- exclusionArns
-
- Required: Yes
- Type: Array of strings
A list of exclusions' ARNs returned by the action.
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameters is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
ListFindings
$result = $client->listFindings([/* ... */]); $promise = $client->listFindingsAsync([/* ... */]);
Lists findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs.
Parameter Syntax
$result = $client->listFindings([
'assessmentRunArns' => ['<string>', ...],
'filter' => [
'agentIds' => ['<string>', ...],
'attributes' => [
[
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'autoScalingGroups' => ['<string>', ...],
'creationTimeRange' => [
'beginDate' => <integer || string || DateTime>,
'endDate' => <integer || string || DateTime>,
],
'ruleNames' => ['<string>', ...],
'rulesPackageArns' => ['<string>', ...],
'severities' => ['<string>', ...],
'userAttributes' => [
[
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentRunArns
-
- Type: Array of strings
The ARNs of the assessment runs that generate the findings that you want to list.
- filter
-
- Type: FindingFilter structure
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListFindings action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'findingArns' => ['<string>', ...],
'nextToken' => '<string>',
]
Result Details
Members
- findingArns
-
- Required: Yes
- Type: Array of strings
A list of ARNs that specifies the findings returned by the action.
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
Examples
Example 1: List findings
Lists findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs.
$result = $client->listFindings([
'assessmentRunArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE',
],
'maxResults' => 123,
]);
Result syntax:
[
'findingArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4',
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-v5D6fI3v/finding/0-tyvmqBLy',
],
'nextToken' => '1',
]
ListRulesPackages
$result = $client->listRulesPackages([/* ... */]); $promise = $client->listRulesPackagesAsync([/* ... */]);
Lists all available Amazon Inspector rules packages.
Parameter Syntax
$result = $client->listRulesPackages([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListRulesPackages action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'nextToken' => '<string>',
'rulesPackageArns' => ['<string>', ...],
]
Result Details
Members
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
- rulesPackageArns
-
- Required: Yes
- Type: Array of strings
The list of ARNs that specifies the rules packages returned by the action.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
Examples
Example 1: List rules packages
Lists all available Amazon Inspector rules packages.
$result = $client->listRulesPackages([
'maxResults' => 123,
]);
Result syntax:
[
'nextToken' => '1',
'rulesPackageArns' => [
'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p',
'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc',
'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ',
'arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD',
],
]
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Lists all tags associated with an assessment template.
Parameter Syntax
$result = $client->listTagsForResource([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN that specifies the assessment template whose tags you want to list.
Result Syntax
[
'tags' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
]
Result Details
Members
- tags
-
- Required: Yes
- Type: Array of Tag structures
A collection of key and value pairs.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
Examples
Example 1: List tags for resource
Lists all tags associated with an assessment template.
$result = $client->listTagsForResource([
'resourceArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-gcwFliYu',
]);
Result syntax:
[
'tags' => [
[
'key' => 'Name',
'value' => 'Example',
],
],
]
PreviewAgents
$result = $client->previewAgents([/* ... */]); $promise = $client->previewAgentsAsync([/* ... */]);
Previews the agents installed on the EC2 instances that are part of the specified assessment target.
Parameter Syntax
$result = $client->previewAgents([
'maxResults' => <integer>,
'nextToken' => '<string>',
'previewAgentsArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- maxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
- nextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the PreviewAgents action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
- previewAgentsArn
-
- Required: Yes
- Type: string
The ARN of the assessment target whose agents you want to preview.
Result Syntax
[
'agentPreviews' => [
[
'agentHealth' => 'HEALTHY|UNHEALTHY|UNKNOWN',
'agentId' => '<string>',
'agentVersion' => '<string>',
'autoScalingGroup' => '<string>',
'hostname' => '<string>',
'ipv4Address' => '<string>',
'kernelVersion' => '<string>',
'operatingSystem' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- agentPreviews
-
- Required: Yes
- Type: Array of AgentPreview structures
The resulting list of agents.
- nextToken
-
- Type: string
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- InvalidCrossAccountRoleException:
Amazon Inspector cannot assume the cross-account role that it needs to list your EC2 instances during the assessment run.
Examples
Example 1: Preview agents
Previews the agents installed on the EC2 instances that are part of the specified assessment target.
$result = $client->previewAgents([
'maxResults' => 123,
'previewAgentsArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq',
]);
Result syntax:
[
'agentPreviews' => [
[
'agentId' => 'i-49113b93',
],
],
'nextToken' => '1',
]
RegisterCrossAccountAccessRole
$result = $client->registerCrossAccountAccessRole([/* ... */]); $promise = $client->registerCrossAccountAccessRoleAsync([/* ... */]);
Registers the IAM role that grants Amazon Inspector access to AWS Services needed to perform security assessments.
Parameter Syntax
$result = $client->registerCrossAccountAccessRole([
'roleArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- roleArn
-
- Required: Yes
- Type: string
The ARN of the IAM role that grants Amazon Inspector access to AWS Services needed to perform security assessments.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- InvalidCrossAccountRoleException:
Amazon Inspector cannot assume the cross-account role that it needs to list your EC2 instances during the assessment run.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Register cross account access role
Registers the IAM role that Amazon Inspector uses to list your EC2 instances at the start of the assessment run or when you call the PreviewAgents action.
$result = $client->registerCrossAccountAccessRole([
'roleArn' => 'arn:aws:iam::123456789012:role/inspector',
]);
RemoveAttributesFromFindings
$result = $client->removeAttributesFromFindings([/* ... */]); $promise = $client->removeAttributesFromFindingsAsync([/* ... */]);
Removes entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists.
Parameter Syntax
$result = $client->removeAttributesFromFindings([
'attributeKeys' => ['<string>', ...], // REQUIRED
'findingArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- attributeKeys
-
- Required: Yes
- Type: Array of strings
The array of attribute keys that you want to remove from specified findings.
- findingArns
-
- Required: Yes
- Type: Array of strings
The ARNs that specify the findings that you want to remove attributes from.
Result Syntax
[
'failedItems' => [
'<Arn>' => [
'failureCode' => 'INVALID_ARN|DUPLICATE_ARN|ITEM_DOES_NOT_EXIST|ACCESS_DENIED|LIMIT_EXCEEDED|INTERNAL_ERROR',
'retryable' => true || false,
],
// ...
],
]
Result Details
Members
- failedItems
-
- Required: Yes
- Type: Associative array of custom strings keys (Arn) to FailedItemDetails structures
Attributes details that cannot be described. An error code is provided for each failed item.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Remove attributes from findings
Removes entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists.
$result = $client->removeAttributesFromFindings([
'attributeKeys' => [
'key=Example,value=example',
],
'findingArns' => [
'arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU',
],
]);
Result syntax:
[
'failedItems' => [
],
]
SetTagsForResource
$result = $client->setTagsForResource([/* ... */]); $promise = $client->setTagsForResourceAsync([/* ... */]);
Sets tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template.
Parameter Syntax
$result = $client->setTagsForResource([
'resourceArn' => '<string>', // REQUIRED
'tags' => [
[
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the assessment template that you want to set tags to.
- tags
-
- Type: Array of Tag structures
A collection of key and value pairs that you want to set to the assessment template.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Set tags for resource
Sets tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template.
$result = $client->setTagsForResource([
'resourceArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0',
'tags' => [
[
'key' => 'Example',
'value' => 'example',
],
],
]);
StartAssessmentRun
$result = $client->startAssessmentRun([/* ... */]); $promise = $client->startAssessmentRunAsync([/* ... */]);
Starts the assessment run specified by the ARN of the assessment template. For this API to function properly, you must not exceed the limit of running up to 500 concurrent agents per AWS account.
Parameter Syntax
$result = $client->startAssessmentRun([
'assessmentRunName' => '<string>',
'assessmentTemplateArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentRunName
-
- Type: string
You can specify the name for the assessment run. The name must be unique for the assessment template whose ARN is used to start the assessment run.
- assessmentTemplateArn
-
- Required: Yes
- Type: string
The ARN of the assessment template of the assessment run that you want to start.
Result Syntax
[
'assessmentRunArn' => '<string>',
]
Result Details
Members
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN of the assessment run that has been started.
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- InvalidCrossAccountRoleException:
Amazon Inspector cannot assume the cross-account role that it needs to list your EC2 instances during the assessment run.
- AgentsAlreadyRunningAssessmentException:
You started an assessment run, but one of the instances is already participating in another assessment run.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Start assessment run
Starts the assessment run specified by the ARN of the assessment template. For this API to function properly, you must not exceed the limit of running up to 500 concurrent agents per AWS account.
$result = $client->startAssessmentRun([
'assessmentRunName' => 'examplerun',
'assessmentTemplateArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T',
]);
Result syntax:
[
'assessmentRunArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-jOoroxyY',
]
StopAssessmentRun
$result = $client->stopAssessmentRun([/* ... */]); $promise = $client->stopAssessmentRunAsync([/* ... */]);
Stops the assessment run that is specified by the ARN of the assessment run.
Parameter Syntax
$result = $client->stopAssessmentRun([
'assessmentRunArn' => '<string>', // REQUIRED
'stopAction' => 'START_EVALUATION|SKIP_EVALUATION',
]);
Parameter Details
Members
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN of the assessment run that you want to stop.
- stopAction
-
- Type: string
An input option that can be set to either START_EVALUATION or SKIP_EVALUATION. START_EVALUATION (the default value), stops the AWS agent from collecting data and begins the results evaluation and the findings generation process. SKIP_EVALUATION cancels the assessment run immediately, after which no findings are generated.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Stop assessment run
Stops the assessment run that is specified by the ARN of the assessment run.
$result = $client->stopAssessmentRun([
'assessmentRunArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-11LMTAVe',
]);
SubscribeToEvent
$result = $client->subscribeToEvent([/* ... */]); $promise = $client->subscribeToEventAsync([/* ... */]);
Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic.
Parameter Syntax
$result = $client->subscribeToEvent([
'event' => 'ASSESSMENT_RUN_STARTED|ASSESSMENT_RUN_COMPLETED|ASSESSMENT_RUN_STATE_CHANGED|FINDING_REPORTED|OTHER', // REQUIRED
'resourceArn' => '<string>', // REQUIRED
'topicArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- event
-
- Required: Yes
- Type: string
The event for which you want to receive SNS notifications.
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the assessment template that is used during the event for which you want to receive SNS notifications.
- topicArn
-
- Required: Yes
- Type: string
The ARN of the SNS topic to which the SNS notifications are sent.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- LimitExceededException:
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Subscribe to event
Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic.
$result = $client->subscribeToEvent([
'event' => 'ASSESSMENT_RUN_COMPLETED',
'resourceArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0',
'topicArn' => 'arn:aws:sns:us-west-2:123456789012:exampletopic',
]);
UnsubscribeFromEvent
$result = $client->unsubscribeFromEvent([/* ... */]); $promise = $client->unsubscribeFromEventAsync([/* ... */]);
Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic.
Parameter Syntax
$result = $client->unsubscribeFromEvent([
'event' => 'ASSESSMENT_RUN_STARTED|ASSESSMENT_RUN_COMPLETED|ASSESSMENT_RUN_STATE_CHANGED|FINDING_REPORTED|OTHER', // REQUIRED
'resourceArn' => '<string>', // REQUIRED
'topicArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- event
-
- Required: Yes
- Type: string
The event for which you want to stop receiving SNS notifications.
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the assessment template that is used during the event for which you want to stop receiving SNS notifications.
- topicArn
-
- Required: Yes
- Type: string
The ARN of the SNS topic to which SNS notifications are sent.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Unsubscribe from event
Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic.
$result = $client->unsubscribeFromEvent([
'event' => 'ASSESSMENT_RUN_COMPLETED',
'resourceArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0',
'topicArn' => 'arn:aws:sns:us-west-2:123456789012:exampletopic',
]);
UpdateAssessmentTarget
$result = $client->updateAssessmentTarget([/* ... */]); $promise = $client->updateAssessmentTargetAsync([/* ... */]);
Updates the assessment target that is specified by the ARN of the assessment target.
If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target.
Parameter Syntax
$result = $client->updateAssessmentTarget([
'assessmentTargetArn' => '<string>', // REQUIRED
'assessmentTargetName' => '<string>', // REQUIRED
'resourceGroupArn' => '<string>',
]);
Parameter Details
Members
- assessmentTargetArn
-
- Required: Yes
- Type: string
The ARN of the assessment target that you want to update.
- assessmentTargetName
-
- Required: Yes
- Type: string
The name of the assessment target that you want to update.
- resourceGroupArn
-
- Type: string
The ARN of the resource group that is used to specify the new resource group to associate with the assessment target.
Result Syntax
[]
Result Details
Errors
- InternalException:
Internal server error.
- InvalidInputException:
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
- AccessDeniedException:
You do not have required permissions to access the requested resource.
- NoSuchEntityException:
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
- ServiceTemporarilyUnavailableException:
The serice is temporary unavailable.
Examples
Example 1: Update assessment target
Updates the assessment target that is specified by the ARN of the assessment target.
$result = $client->updateAssessmentTarget([
'assessmentTargetArn' => 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX',
'assessmentTargetName' => 'Example',
'resourceGroupArn' => 'arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-yNbgL5Pt',
]);
Shapes
AccessDeniedException
Description
You do not have required permissions to access the requested resource.
Members
- canRetry
-
- Required: Yes
- Type: boolean
You can immediately retry your request.
- errorCode
-
- Required: Yes
- Type: string
Code that indicates the type of error that is generated.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
AgentAlreadyRunningAssessment
Description
Used in the exception error that is thrown if you start an assessment run for an assessment target that includes an EC2 instance that is already participating in another started assessment run.
Members
- agentId
-
- Required: Yes
- Type: string
ID of the agent that is running on an EC2 instance that is already participating in another started assessment run.
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN of the assessment run that has already been started.
AgentFilter
Description
Contains information about an Amazon Inspector agent. This data type is used as a request parameter in the ListAssessmentRunAgents action.
Members
- agentHealthCodes
-
- Required: Yes
- Type: Array of strings
The detailed health state of the agent. Values can be set to IDLE, RUNNING, SHUTDOWN, UNHEALTHY, THROTTLED, and UNKNOWN.
- agentHealths
-
- Required: Yes
- Type: Array of strings
The current health state of the agent. Values can be set to HEALTHY or UNHEALTHY.
AgentPreview
Description
Used as a response element in the PreviewAgents action.
Members
- agentHealth
-
- Type: string
The health status of the Amazon Inspector Agent.
- agentId
-
- Required: Yes
- Type: string
The ID of the EC2 instance where the agent is installed.
- agentVersion
-
- Type: string
The version of the Amazon Inspector Agent.
- autoScalingGroup
-
- Type: string
The Auto Scaling group for the EC2 instance where the agent is installed.
- hostname
-
- Type: string
The hostname of the EC2 instance on which the Amazon Inspector Agent is installed.
- ipv4Address
-
- Type: string
The IP address of the EC2 instance on which the Amazon Inspector Agent is installed.
- kernelVersion
-
- Type: string
The kernel version of the operating system running on the EC2 instance on which the Amazon Inspector Agent is installed.
- operatingSystem
-
- Type: string
The operating system running on the EC2 instance on which the Amazon Inspector Agent is installed.
AgentsAlreadyRunningAssessmentException
Description
You started an assessment run, but one of the instances is already participating in another assessment run.
Members
- agents
-
- Required: Yes
- Type: Array of AgentAlreadyRunningAssessment structures
- agentsTruncated
-
- Required: Yes
- Type: boolean
- canRetry
-
- Required: Yes
- Type: boolean
You can immediately retry your request.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
AssessmentRun
Description
A snapshot of an Amazon Inspector assessment run that contains the findings of the assessment run .
Used as the response element in the DescribeAssessmentRuns action.
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the assessment run.
- assessmentTemplateArn
-
- Required: Yes
- Type: string
The ARN of the assessment template that is associated with the assessment run.
- completedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The assessment run completion time that corresponds to the rules packages evaluation completion time or failure.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when StartAssessmentRun was called.
- dataCollected
-
- Required: Yes
- Type: boolean
A Boolean value (true or false) that specifies whether the process of collecting data from the agents is completed.
- durationInSeconds
-
- Required: Yes
- Type: int
The duration of the assessment run.
- findingCounts
-
- Required: Yes
- Type: Associative array of custom strings keys (Severity) to ints
Provides a total count of generated findings per severity.
- name
-
- Required: Yes
- Type: string
The auto-generated name for the assessment run.
- notifications
-
- Required: Yes
- Type: Array of AssessmentRunNotification structures
A list of notifications for the event subscriptions. A notification about a particular generated finding is added to this list only once.
- rulesPackageArns
-
- Required: Yes
- Type: Array of strings
The rules packages selected for the assessment run.
- startedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when StartAssessmentRun was called.
- state
-
- Required: Yes
- Type: string
The state of the assessment run.
- stateChangedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last time when the assessment run's state changed.
- stateChanges
-
- Required: Yes
- Type: Array of AssessmentRunStateChange structures
A list of the assessment run state changes.
- userAttributesForFindings
-
- Required: Yes
- Type: Array of Attribute structures
The user-defined attributes that are assigned to every generated finding.
AssessmentRunAgent
Description
Contains information about an Amazon Inspector agent. This data type is used as a response element in the ListAssessmentRunAgents action.
Members
- agentHealth
-
- Required: Yes
- Type: string
The current health state of the agent.
- agentHealthCode
-
- Required: Yes
- Type: string
The detailed health state of the agent.
- agentHealthDetails
-
- Type: string
The description for the agent health code.
- agentId
-
- Required: Yes
- Type: string
The AWS account of the EC2 instance where the agent is installed.
- assessmentRunArn
-
- Required: Yes
- Type: string
The ARN of the assessment run that is associated with the agent.
- autoScalingGroup
-
- Type: string
The Auto Scaling group of the EC2 instance that is specified by the agent ID.
- telemetryMetadata
-
- Required: Yes
- Type: Array of TelemetryMetadata structures
The Amazon Inspector application data metrics that are collected by the agent.
AssessmentRunFilter
Description
Used as the request parameter in the ListAssessmentRuns action.
Members
- completionTimeRange
-
- Type: TimestampRange structure
For a record to match a filter, the value that is specified for this data type property must inclusively match any value between the specified minimum and maximum values of the completedAt property of the AssessmentRun data type.
- durationRange
-
- Type: DurationRange structure
For a record to match a filter, the value that is specified for this data type property must inclusively match any value between the specified minimum and maximum values of the durationInSeconds property of the AssessmentRun data type.
- namePattern
-
- Type: string
For a record to match a filter, an explicit value or a string containing a wildcard that is specified for this data type property must match the value of the assessmentRunName property of the AssessmentRun data type.
- rulesPackageArns
-
- Type: Array of strings
For a record to match a filter, the value that is specified for this data type property must be contained in the list of values of the rulesPackages property of the AssessmentRun data type.
- startTimeRange
-
- Type: TimestampRange structure
For a record to match a filter, the value that is specified for this data type property must inclusively match any value between the specified minimum and maximum values of the startTime property of the AssessmentRun data type.
- stateChangeTimeRange
-
- Type: TimestampRange structure
For a record to match a filter, the value that is specified for this data type property must match the stateChangedAt property of the AssessmentRun data type.
- states
-
- Type: Array of strings
For a record to match a filter, one of the values specified for this data type property must be the exact match of the value of the assessmentRunState property of the AssessmentRun data type.
AssessmentRunInProgressException
Description
You cannot perform a specified action if an assessment run is currently in progress.
Members
- assessmentRunArns
-
- Required: Yes
- Type: Array of strings
The ARNs of the assessment runs that are currently in progress.
- assessmentRunArnsTruncated
-
- Required: Yes
- Type: boolean
Boolean value that indicates whether the ARN list of the assessment runs is truncated.
- canRetry
-
- Required: Yes
- Type: boolean
You can immediately retry your request.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
AssessmentRunNotification
Description
Used as one of the elements of the AssessmentRun data type.
Members
- date
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date of the notification.
- error
-
- Required: Yes
- Type: boolean
The Boolean value that specifies whether the notification represents an error.
- event
-
- Required: Yes
- Type: string
The event for which a notification is sent.
- message
-
- Type: string
The message included in the notification.
- snsPublishStatusCode
-
- Type: string
The status code of the SNS notification.
- snsTopicArn
-
- Type: string
The SNS topic to which the SNS notification is sent.
AssessmentRunStateChange
Description
Used as one of the elements of the AssessmentRun data type.
Members
- state
-
- Required: Yes
- Type: string
The assessment run state.
- stateChangedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last time the assessment run state changed.
AssessmentTarget
Description
Contains information about an Amazon Inspector application. This data type is used as the response element in the DescribeAssessmentTargets action.
Members
- arn
-
- Required: Yes
- Type: string
The ARN that specifies the Amazon Inspector assessment target.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the assessment target is created.
- name
-
- Required: Yes
- Type: string
The name of the Amazon Inspector assessment target.
- resourceGroupArn
-
- Type: string
The ARN that specifies the resource group that is associated with the assessment target.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which UpdateAssessmentTarget is called.
AssessmentTargetFilter
Description
Used as the request parameter in the ListAssessmentTargets action.
Members
- assessmentTargetNamePattern
-
- Type: string
For a record to match a filter, an explicit value or a string that contains a wildcard that is specified for this data type property must match the value of the assessmentTargetName property of the AssessmentTarget data type.
AssessmentTemplate
Description
Contains information about an Amazon Inspector assessment template. This data type is used as the response element in the DescribeAssessmentTemplates action.
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the assessment template.
- assessmentRunCount
-
- Required: Yes
- Type: int
The number of existing assessment runs associated with this assessment template. This value can be zero or a positive integer.
- assessmentTargetArn
-
- Required: Yes
- Type: string
The ARN of the assessment target that corresponds to this assessment template.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the assessment template is created.
- durationInSeconds
-
- Required: Yes
- Type: int
The duration in seconds specified for this assessment template. The default value is 3600 seconds (one hour). The maximum value is 86400 seconds (one day).
- lastAssessmentRunArn
-
- Type: string
The Amazon Resource Name (ARN) of the most recent assessment run associated with this assessment template. This value exists only when the value of assessmentRunCount is greaterpa than zero.
- name
-
- Required: Yes
- Type: string
The name of the assessment template.
- rulesPackageArns
-
- Required: Yes
- Type: Array of strings
The rules packages that are specified for this assessment template.
- userAttributesForFindings
-
- Required: Yes
- Type: Array of Attribute structures
The user-defined attributes that are assigned to every generated finding from the assessment run that uses this assessment template.
AssessmentTemplateFilter
Description
Used as the request parameter in the ListAssessmentTemplates action.
Members
- durationRange
-
- Type: DurationRange structure
For a record to match a filter, the value specified for this data type property must inclusively match any value between the specified minimum and maximum values of the durationInSeconds property of the AssessmentTemplate data type.
- namePattern
-
- Type: string
For a record to match a filter, an explicit value or a string that contains a wildcard that is specified for this data type property must match the value of the assessmentTemplateName property of the AssessmentTemplate data type.
- rulesPackageArns
-
- Type: Array of strings
For a record to match a filter, the values that are specified for this data type property must be contained in the list of values of the rulesPackageArns property of the AssessmentTemplate data type.
AssetAttributes
Description
A collection of attributes of the host from which the finding is generated.
Members
- agentId
-
- Type: string
The ID of the agent that is installed on the EC2 instance where the finding is generated.
- amiId
-
- Type: string
The ID of the Amazon Machine Image (AMI) that is installed on the EC2 instance where the finding is generated.
- autoScalingGroup
-
- Type: string
The Auto Scaling group of the EC2 instance where the finding is generated.
- hostname
-
- Type: string
The hostname of the EC2 instance where the finding is generated.
- ipv4Addresses
-
- Type: Array of strings
The list of IP v4 addresses of the EC2 instance where the finding is generated.
- networkInterfaces
-
- Type: Array of NetworkInterface structures
An array of the network interfaces interacting with the EC2 instance where the finding is generated.
- schemaVersion
-
- Required: Yes
- Type: int
The schema version of this data type.
- tags
-
- Type: Array of Tag structures
The tags related to the EC2 instance where the finding is generated.
Attribute
Description
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
Members
- key
-
- Required: Yes
- Type: string
The attribute key.
- value
-
- Type: string
The value assigned to the attribute key.
DurationRange
Description
This data type is used in the AssessmentTemplateFilter data type.
Members
- maxSeconds
-
- Type: int
The maximum value of the duration range. Must be less than or equal to 604800 seconds (1 week).
- minSeconds
-
- Type: int
The minimum value of the duration range. Must be greater than zero.
EventSubscription
Description
This data type is used in the Subscription data type.
Members
- event
-
- Required: Yes
- Type: string
The event for which Amazon Simple Notification Service (SNS) notifications are sent.
- subscribedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which SubscribeToEvent is called.
Exclusion
Description
Contains information about what was excluded from an assessment run.
Members
- arn
-
- Required: Yes
- Type: string
The ARN that specifies the exclusion.
- attributes
-
- Type: Array of Attribute structures
The system-defined attributes for the exclusion.
- description
-
- Required: Yes
- Type: string
The description of the exclusion.
- recommendation
-
- Required: Yes
- Type: string
The recommendation for the exclusion.
- scopes
-
- Required: Yes
- Type: Array of Scope structures
The AWS resources for which the exclusion pertains.
- title
-
- Required: Yes
- Type: string
The name of the exclusion.
ExclusionPreview
Description
Contains information about what is excluded from an assessment run given the current state of the assessment template.
Members
- attributes
-
- Type: Array of Attribute structures
The system-defined attributes for the exclusion preview.
- description
-
- Required: Yes
- Type: string
The description of the exclusion preview.
- recommendation
-
- Required: Yes
- Type: string
The recommendation for the exclusion preview.
- scopes
-
- Required: Yes
- Type: Array of Scope structures
The AWS resources for which the exclusion preview pertains.
- title
-
- Required: Yes
- Type: string
The name of the exclusion preview.
FailedItemDetails
Description
Includes details about the failed items.
Members
- failureCode
-
- Required: Yes
- Type: string
The status code of a failed item.
- retryable
-
- Required: Yes
- Type: boolean
Indicates whether you can immediately retry a request for this item for a specified resource.
Finding
Description
Contains information about an Amazon Inspector finding. This data type is used as the response element in the DescribeFindings action.
Members
- arn
-
- Required: Yes
- Type: string
The ARN that specifies the finding.
- assetAttributes
-
- Type: AssetAttributes structure
A collection of attributes of the host from which the finding is generated.
- assetType
-
- Type: string
The type of the host from which the finding is generated.
- attributes
-
- Required: Yes
- Type: Array of Attribute structures
The system-defined attributes for the finding.
- confidence
-
- Type: int
This data element is currently not used.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the finding was generated.
- description
-
- Type: string
The description of the finding.
- id
-
- Type: string
The ID of the finding.
- indicatorOfCompromise
-
- Type: boolean
This data element is currently not used.
- numericSeverity
-
- Type: double
The numeric value of the finding severity.
- recommendation
-
- Type: string
The recommendation for the finding.
- schemaVersion
-
- Type: int
The schema version of this data type.
- service
-
- Type: string
The data element is set to "Inspector".
- serviceAttributes
-
- Type: InspectorServiceAttributes structure
This data type is used in the Finding data type.
- severity
-
- Type: string
The finding severity. Values can be set to High, Medium, Low, and Informational.
- title
-
- Type: string
The name of the finding.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when AddAttributesToFindings is called.
- userAttributes
-
- Required: Yes
- Type: Array of Attribute structures
The user-defined attributes that are assigned to the finding.
FindingFilter
Description
This data type is used as a request parameter in the ListFindings action.
Members
- agentIds
-
- Type: Array of strings
For a record to match a filter, one of the values that is specified for this data type property must be the exact match of the value of the agentId property of the Finding data type.
- attributes
-
- Type: Array of Attribute structures
For a record to match a filter, the list of values that are specified for this data type property must be contained in the list of values of the attributes property of the Finding data type.
- autoScalingGroups
-
- Type: Array of strings
For a record to match a filter, one of the values that is specified for this data type property must be the exact match of the value of the autoScalingGroup property of the Finding data type.
- creationTimeRange
-
- Type: TimestampRange structure
The time range during which the finding is generated.
- ruleNames
-
- Type: Array of strings
For a record to match a filter, one of the values that is specified for this data type property must be the exact match of the value of the ruleName property of the Finding data type.
- rulesPackageArns
-
- Type: Array of strings
For a record to match a filter, one of the values that is specified for this data type property must be the exact match of the value of the rulesPackageArn property of the Finding data type.
- severities
-
- Type: Array of strings
For a record to match a filter, one of the values that is specified for this data type property must be the exact match of the value of the severity property of the Finding data type.
- userAttributes
-
- Type: Array of Attribute structures
For a record to match a filter, the value that is specified for this data type property must be contained in the list of values of the userAttributes property of the Finding data type.
InspectorServiceAttributes
Description
This data type is used in the Finding data type.
Members
- assessmentRunArn
-
- Type: string
The ARN of the assessment run during which the finding is generated.
- rulesPackageArn
-
- Type: string
The ARN of the rules package that is used to generate the finding.
- schemaVersion
-
- Required: Yes
- Type: int
The schema version of this data type.
InternalException
Description
Internal server error.
Members
- canRetry
-
- Required: Yes
- Type: boolean
You can immediately retry your request.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
InvalidCrossAccountRoleException
Description
Amazon Inspector cannot assume the cross-account role that it needs to list your EC2 instances during the assessment run.
Members
- canRetry
-
- Required: Yes
- Type: boolean
You can immediately retry your request.
- errorCode
-
- Required: Yes
- Type: string
Code that indicates the type of error that is generated.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
InvalidInputException
Description
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
Members
- canRetry
-
- Required: Yes
- Type: boolean
You can immediately retry your request.
- errorCode
-
- Required: Yes
- Type: string
Code that indicates the type of error that is generated.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
LimitExceededException
Description
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
Members
- canRetry
-
- Required: Yes
- Type: boolean
You can immediately retry your request.
- errorCode
-
- Required: Yes
- Type: string
Code that indicates the type of error that is generated.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
NetworkInterface
Description
Contains information about the network interfaces interacting with an EC2 instance. This data type is used as one of the elements of the AssetAttributes data type.
Members
- ipv6Addresses
-
- Type: Array of strings
The IP addresses associated with the network interface.
- networkInterfaceId
-
- Type: string
The ID of the network interface.
- privateDnsName
-
- Type: string
The name of a private DNS associated with the network interface.
- privateIpAddress
-
- Type: string
The private IP address associated with the network interface.
- privateIpAddresses
-
- Type: Array of PrivateIp structures
A list of the private IP addresses associated with the network interface. Includes the privateDnsName and privateIpAddress.
- publicDnsName
-
- Type: string
The name of a public DNS associated with the network interface.
- publicIp
-
- Type: string
The public IP address from which the network interface is reachable.
- securityGroups
-
- Type: Array of SecurityGroup structures
A list of the security groups associated with the network interface. Includes the groupId and groupName.
- subnetId
-
- Type: string
The ID of a subnet associated with the network interface.
- vpcId
-
- Type: string
The ID of a VPC associated with the network interface.
NoSuchEntityException
Description
The request was rejected because it referenced an entity that does not exist. The error code describes the entity.
Members
- canRetry
-
- Required: Yes
- Type: boolean
You can immediately retry your request.
- errorCode
-
- Required: Yes
- Type: string
Code that indicates the type of error that is generated.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
PreviewGenerationInProgressException
Description
The request is rejected. The specified assessment template is currently generating an exclusions preview.
Members
- message
-
- Required: Yes
- Type: string
PrivateIp
Description
Contains information about a private IP address associated with a network interface. This data type is used as a response element in the DescribeFindings action.
Members
- privateDnsName
-
- Type: string
The DNS name of the private IP address.
- privateIpAddress
-
- Type: string
The full IP address of the network inteface.
ResourceGroup
Description
Contains information about a resource group. The resource group defines a set of tags that, when queried, identify the AWS resources that make up the assessment target. This data type is used as the response element in the DescribeResourceGroups action.
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the resource group.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which resource group is created.
- tags
-
- Required: Yes
- Type: Array of ResourceGroupTag structures
The tags (key and value pairs) of the resource group. This data type property is used in the CreateResourceGroup action.
ResourceGroupTag
Description
This data type is used as one of the elements of the ResourceGroup data type.
Members
- key
-
- Required: Yes
- Type: string
A tag key.
- value
-
- Type: string
The value assigned to a tag key.
RulesPackage
Description
Contains information about an Amazon Inspector rules package. This data type is used as the response element in the DescribeRulesPackages action.
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the rules package.
- description
-
- Type: string
The description of the rules package.
- name
-
- Required: Yes
- Type: string
The name of the rules package.
- provider
-
- Required: Yes
- Type: string
The provider of the rules package.
- version
-
- Required: Yes
- Type: string
The version ID of the rules package.
Scope
Description
This data type contains key-value pairs that identify various Amazon resources.
Members
- key
-
- Type: string
The type of the scope.
- value
-
- Type: string
The resource identifier for the specified scope type.
SecurityGroup
Description
Contains information about a security group associated with a network interface. This data type is used as one of the elements of the NetworkInterface data type.
Members
- groupId
-
- Type: string
The ID of the security group.
- groupName
-
- Type: string
The name of the security group.
ServiceTemporarilyUnavailableException
Description
The serice is temporary unavailable.
Members
- canRetry
-
- Required: Yes
- Type: boolean
You can wait and then retry your request.
- message
-
- Required: Yes
- Type: string
Details of the exception error.
Subscription
Description
This data type is used as a response element in the ListEventSubscriptions action.
Members
- eventSubscriptions
-
- Required: Yes
- Type: Array of EventSubscription structures
The list of existing event subscriptions.
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the assessment template that is used during the event for which the SNS notification is sent.
- topicArn
-
- Required: Yes
- Type: string
The ARN of the Amazon Simple Notification Service (SNS) topic to which the SNS notifications are sent.
Tag
Description
A key and value pair. This data type is used as a request parameter in the SetTagsForResource action and a response element in the ListTagsForResource action.
Members
- key
-
- Required: Yes
- Type: string
A tag key.
- value
-
- Type: string
A value assigned to a tag key.
TelemetryMetadata
Description
The metadata about the Amazon Inspector application data metrics collected by the agent. This data type is used as the response element in the GetTelemetryMetadata action.
Members
- count
-
- Required: Yes
- Type: long (int|float)
The count of messages that the agent sends to the Amazon Inspector service.
- dataSize
-
- Type: long (int|float)
The data size of messages that the agent sends to the Amazon Inspector service.
- messageType
-
- Required: Yes
- Type: string
A specific type of behavioral data that is collected by the agent.
TimestampRange
Description
This data type is used in the AssessmentRunFilter data type.
Members
- beginDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The minimum value of the timestamp range.
- endDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The maximum value of the timestamp range.
UnsupportedFeatureException
Description
Used by the GetAssessmentReport API. The request was rejected because you tried to generate a report for an assessment run that existed before reporting was supported in Amazon Inspector. You can only generate reports for assessment runs that took place or will take place after generating reports in Amazon Inspector became available.
Members
- canRetry
-
- Required: Yes
- Type: boolean
- message
-
- Required: Yes
- Type: string