Help Center> Config> API Reference> Permissions Policies and Supported Actions> Resource Aggregation
Updated on 2024-05-14 GMT+08:00
View PDF

Resource Aggregation

Permissions

API

Action

Dependencies

IAM Project

Enterprise project

Authorizing a resource aggregator account

PUT /v1/resource-manager/domains/{domain_id}/aggregators/aggregation-authorization

rms: aggregationAuthorizations:create

-

N/A

Deleting Authorization for a resource aggregator account

DELETE /v1/resource-manager/domains/{domain_id}/aggregators/aggregation-authorization/{authorized_account_id}

rms:aggregationAuthorizations:delete

-

N/A

Querying authorization for a resource aggregator account

GET /v1/resource-manager/domains/{domain_id}/aggregators/aggregation-authorization

rms:aggregationAuthorizations:list

-

N/A

Creating a resource aggregator

PUT /v1/resource-manager/domains/{domain_id}/aggregators

rms:aggregators:create
  • organizations:organizations:get
  • organizations:accounts:list
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:enable
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

N/A

Querying resource aggregators

GET /v1/resource-manager/domains/{domain_id}/aggregators

rms:aggregators:list

-

N/A

Querying details about a specific resource aggregator

GET /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}

rms:aggregators:get

-

N/A

Querying statuses of accounts aggregated by a specified aggregator

GET /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}/aggregator-sources-status

rms:aggregators:get

-

N/A

Deleting a resource aggregator

DELETE /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}

rms:aggregators:delete

-

N/A

Updating a resource aggregator

PUT /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}

rms:aggregators:update
  • organizations:organizations:get
  • organizations:accounts:list
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:enable
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

N/A

Deleting pending authorization requests

DELETE /v1/resource-manager/domains/{domain_id}/aggregators/pending-aggregation-request/{requester_account_id}

rms:aggregationRequests:delete

-

N/A

Querying pending aggregation requests

GET /v1/resource-manager/domains/{domain_id}/aggregators/pending-aggregation-request

rms:aggregationRequests:list

-

N/A

Querying aggregated resources

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/aggregate-discovered-resources

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

N/A

Performing an advanced query on a specific aggregator

POST /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}/run-query

rms:aggregatorResources:runQuery

-

N/A

Querying details about a specific resource from a source account

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-resource-config

rms:aggregatorResources:get

-

N/A

Querying the number of resources from an aggregator account

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/aggregate-discovered-resource-counts

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

N/A

Querying the compliance overview of one or more accounts in an aggregator

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/policy-states/compliance-summary

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

N/A

Querying aggregated assignments

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/policy-assignments/compliance

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

N/A

Querying evaluation results of aggregated resources

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/policy-states/compliance-details

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

N/A

Querying details about a specified aggregated assignment

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/policy-assignment/detail

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

N/A
Parent Topic: Permissions Policies and Supported Actions