RQL query to list all the AWS accounts onboarded on Prisma Cloud

Created On 01/10/22 03:14 AM - Last Modified 01/20/22 05:31 AM


Question


  • RQL query to list all the AWS accounts onboarded on Prisma Cloud


Environment


  • Prisma Cloud
  • AWS


Answer


config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-iam-get-account-summary' AND json.rule = AccountId exists

Example
  • Two existing AWS cloud accounts, 154****** and 240******, are successfully onboarded on Prisma Cloud.

  • The following RQL query lists the AWS cloud accounts, 154****** and 240******, that are onboarded on Prisma Cloud.

config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-iam-get-account-summary' AND json.rule = AccountId exists




Additional Information


  • If the onboarded AWS accounts belong to an organization, then the following RQL query can be leveraged. 

config from cloud.resource where api.name = 'aws-organizations-account' 
 
  • To get a list of all AWS accounts that aren't associated with an Organization, leverage the following RQL query.

config from cloud.resource where api.name = 'aws-iam-get-account-summary' as X; config from cloud.resource where api.name = 'aws-organizations-account' as Y; filter ' not ($.Y.id equals $.X.AccountId)'; show X;

