AWS credentials API - PUT credentials

Updates an existing AWS credentials configuration. Check the connection status for these credentials after 10 minutes with the GET credentials request.

If a credentials configuration with the specified ID doesn’t exist, a new configuration is created.

The request consumes and produces an application/json payload.

PUT	Managed https://{your-domain}/e/{your-environment-id}/api/config/v1/aws/credentials/{id} SaaS https://{your-environment-id}.live.dexp.ae/api/config/v1/aws/credentials/{id}

Authentication

To execute this request, you need the Write configuration permission assigned to your API token. See the Authentication page to learn how to obtain and use it.

Parameters

Parameter	Type	Description	In	Required
id	string	The ID of the AWS credentials configuration to be updated.	path	required
body	AwsCredentialsConfig	The JSON body of the request. Contains updated parameters of the AWS credentials configuration.	body	optional

Request parameters JSON model

The AwsCredentialsConfig object

Configuration of an AWS credentials.

Element	Type	Description	Required
metadata	ConfigurationMetadata	Metadata useful for debugging.	optional
id	string	The unique ID of the credentials.	optional
connectionStatus	string	The status of the connection to the AWS environment. `CONNECTED`: There was a connection within last 10 minutes. `DISCONNECTED`: A problem occurred with establishing connection using these credentials. Check whether the data is correct. `UNINITIALIZED`: The successful connection has never been established for these credentials. The connectionStatus element can hold these values.	optional
label	string	The name of the credentials.	required
partitionType	string	The type of the AWS partition. The partitionType element can hold these values.	required
authenticationData	AwsAuthenticationData	The type of the AWS authentication and the respective credentials.	required
taggedOnly	boolean	Monitor only resources which have specified AWS tags (`true`) or all resources (`false`).	required
tagsToMonitor	AwsConfigTag[]	A list of AWS tags to be monitored. You can specify up to 10 tags. Only applicable when the taggedOnly parameter is set to `true`.	required
supportingServices	AwsSupportingService[]	A list of supporting services to be monitored.	optional

The AwsSupportingService object

A supporting service to be monitored.

Element	Type	Description	Required
name	string	The short name of the supporting service.	required
metrics	string[]	A list of metrics to be monitored for this service in format: `<DimensionName> <MetricName> <AggregationShortName>`.	required

The AwsConfigTag object

An AWS tag of the resource to be monitored.

Element	Type	Description	Required
name	string	The key of the AWS tag.	required
value	string	The value of the AWS tag.	required

The AwsAuthenticationData object

A credentials for the AWS authentication.

Element Type Description Required

type

string

Element	Type	Description	Required
type	string	The type of the authentication: role-based or key-based. The type element can hold these values.	required
keyBasedAuthentication	KeyBasedAuthentication	The credentials for the key-based authentication. Only applicable when the type parameter is set to `KEYS`.	optional
roleBasedAuthentication	RoleBasedAuthentication	The credentials for the role-based authentication. Only applicable when the type parameter is set to `ROLE`.	optional

The type of the authentication: role-based or key-based.

The type element can hold these values.

required

keyBasedAuthentication

KeyBasedAuthentication

The credentials for the key-based authentication.

Only applicable when the type parameter is set to KEYS.

optional

roleBasedAuthentication

RoleBasedAuthentication

The credentials for the role-based authentication.

Only applicable when the type parameter is set to ROLE.

optional

The RoleBasedAuthentication object

The credentials for the role-based authentication.

Element Type Description Required

iamRole

string

Element	Type	Description	Required
iamRole	string	The IAM role to be used by DESK to get monitoring data.	required
accountId	string	The ID of the Amazon account.	required
externalId	string	The external ID token for setting an IAM role. You can obtain it with the `GET /aws/iamExternalId` request.	optional

The IAM role to be used by DESK to get monitoring data.

required

accountId

string

The ID of the Amazon account.

required

externalId

string

The external ID token for setting an IAM role.

You can obtain it with the GET /aws/iamExternalId request.

optional

The KeyBasedAuthentication object

The credentials for the key-based authentication.

Element	Type	Description	Required
accessKey	string	The ID of the access key.	required
secretKey	string	The secret access key.	required

The ConfigurationMetadata object

Metadata useful for debugging

Element	Type	Description	Required
configurationVersions	integer[]	A Sorted list of the version numbers of the configuration.	optional
clusterVersion	string	DESK server version.	optional

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request. See the Example expandable section for working sample request.

      
  {
  "metadata": {
    "configurationVersions": [
      "integer"
    ],
    "clusterVersion": "string"
  },
  "id": "string",
  "connectionStatus": "CONNECTED",
  "label": "string",
  "partitionType": "AWS_CN",
  "authenticationData": {
    "type": "KEYS",
    "keyBasedAuthentication": {
      "accessKey": "string",
      "secretKey": "string"
    },
    "roleBasedAuthentication": {
      "iamRole": "string",
      "accountId": "string",
      "externalId": "string"
    }
  },
  "taggedOnly": true,
  "tagsToMonitor": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "supportingServices": [
    {
      "name": "string",
      "metrics": [
        "string"
      ]
    }
  ]
}

Possible values

Possible values for the type element in the AwsAuthenticationData object:

KEYS
ROLE

Possible values for the partitionType element in the AwsCredentialsConfig object:

AWS_CN
AWS_DEFAULT
AWS_US_GOV

Possible values for the connectionStatus element in the AwsCredentialsConfig object:

CONNECTED
DISCONNECTED
UNINITIALIZED

Response codes

Code	Description
201	Success. The new AWS credentials configuration has been created. The response body contains the ID of the configuration. Check the connection status for these credentials after 10 minutes with the `GET /aws/credentials/{id}` request.
204	Success. The AWS credentials configuration has been updated. Response doesn't have a body. Check the connection status for these credentials after 10 minutes with the `GET /aws/credentials/{id}` request.
400	Failed. The input is invalid.

Response format

Response parameters JSON model

The EntityShortRepresentation object

The short representation of a DESK entity.

Element	Type	Description
id	string	The ID of the DESK entity.
name	string	The name of the DESK entity.
description	string	A short description of the DESK entity.

{}

GET the external ID token

Gets the external ID token for setting an IAM role.

The request produces an application/json payload.

GET	Managed https://{your-domain}/e/{your-environment-id}/api/config/v1/aws/iamExternalId SaaS https://{your-environment-id}.live.dexp.ae/api/config/v1/aws/iamExternalId

Authentication

To execute this request, you need the Read configuration permission assigned to your API token. See the Authentication page to learn how to obtain and use it.

Response format

Response parameters JSON model

The AwsIamToken object

The external ID token for setting IAM Role in AWS.

Element	Type	Description
token	string	The external ID token for setting IAM Role in AWS.

    
{
  "token": "string"
}

Validate payload

We recommend that you validate the payload before submitting it with an actual request. A response code of 204 indicates a valid payload.

The request consumes an application/json payload.

POST	Managed https://{your-domain}/e/{your-environment-id}/api/config/v1/aws/credentials/{id}/validator SaaS https://{your-environment-id}.live.dexp.ae/api/config/v1/aws/credentials/{id}/validator

Authentication

To execute this request, you need the Write configuration permission assigned to your API token. See the Authentication page to learn how to obtain and use it.

Response codes

Code	Description
204	Validated. The submitted configuration is valid. Response doesn't have a body.
400	Failed. The input is invalid.