Help Center/ Config/ API Reference/ Permissions Policies and Supported Actions/ Resource Aggregation
Updated on 2024-09-05 GMT+08:00
View PDF
Share

Resource Aggregation

Permissions

API

Action

Dependencies

IAM Project

Enterprise project

Authorizing a resource aggregator account

PUT /v1/resource-manager/domains/{domain_id}/aggregators/aggregation-authorization

rms: aggregationAuthorizations:create

-

x

Deleting authorization for a resource aggregator account

DELETE /v1/resource-manager/domains/{domain_id}/aggregators/aggregation-authorization/{authorized_account_id}

rms:aggregationAuthorizations:delete

-

x

Querying authorized resource aggregators accounts

GET /v1/resource-manager/domains/{domain_id}/aggregators/aggregation-authorization

rms:aggregationAuthorizations:list

-

x

Creating a resource aggregator

PUT /v1/resource-manager/domains/{domain_id}/aggregators

rms:aggregators:create
  • organizations:organizations:get
  • organizations:accounts:list
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:enable
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

x

Querying resource aggregators

GET /v1/resource-manager/domains/{domain_id}/aggregators

rms:aggregators:list

-

x

Querying a specific resource aggregator

GET /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}

rms:aggregators:get

-

x

Querying the status of a specific resource aggregator account

GET /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}/aggregator-sources-status

rms:aggregators:get

-

x

Deleting a resource aggregator

DELETE /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}

rms:aggregators:delete

-

x

Updating a resource aggregator

PUT /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}

rms:aggregators:update
  • organizations:organizations:get
  • organizations:accounts:list
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:enable
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

x

Deleting pending authorization requests

DELETE /v1/resource-manager/domains/{domain_id}/aggregators/pending-aggregation-request/{requester_account_id}

rms:aggregationRequests:delete

-

x

Querying all pending aggregation requests

GET /v1/resource-manager/domains/{domain_id}/aggregators/pending-aggregation-request

rms:aggregationRequests:list

-

x

Querying resources of a resource aggregator account

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/aggregate-discovered-resources

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

x

Performing an advanced query on a specific aggregator

POST /v1/resource-manager/domains/{domain_id}/aggregators/{aggregator_id}/run-query

rms:aggregatorResources:runQuery

-

x

Querying details about a specific resource in a source account

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-resource-config

rms:aggregatorResources:get

-

x

Querying the number of resources of a resource aggregator account

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/aggregate-discovered-resource-counts

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

x

Querying the compliance summary of one or more source accounts in an aggregator

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/policy-states/compliance-summary

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

x

Querying aggregated rules

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/policy-assignments/compliance

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

x

Querying compliance results of aggregated resources

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/policy-states/compliance-details

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

x

Querying details about a specified aggregated rule

POST /v1/resource-manager/domains/{domain_id}/aggregators/aggregate-data/policy-assignment/detail

rms:aggregatorResources:list
  • organizations:organizations:get
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:list
NOTE:

Only organization aggregators require these dependencies.

x
Parent Topic: Permissions Policies and Supported Actions