swagger: "2.0" host: api.riskmanager.fugue.co basePath: /v0 info: title: Fugue API version: 0.0.1 tags: - name: environments - name: scans - name: events - name: metadata securityDefinitions: basicAuth: type: basic schemes: - https consumes: - application/json produces: - application/json paths: /swagger: get: summary: Returns the OpenAPI 2.0 specification for this API. description: Returns the OpenAPI 2.0 specification for this API. operationId: getSwagger produces: - application/json - application/yaml tags: - metadata responses: "200": description: OpenAPI 2.0 specification. schema: type: object "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /swagger/ui: get: operationId: getSwaggerUI summary: Returns a friendly user interface for the OpenAPI 2.0 specification for this API. description: Returns a friendly user interface for the OpenAPI 2.0 specification for this API. security: [] produces: - text/html tags: - metadata responses: "200": description: The Swagger UI headers: Access-Control-Allow-Headers: type: string Access-Control-Allow-Methods: type: string Access-Control-Allow-Origin: type: string Content-Type: type: string /environments: get: summary: Lists details for all environments. description: Lists details for all environments. operationId: listEnvironments security: - basicAuth: [] tags: - environments parameters: - name: offset in: query required: false description: Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. type: integer default: 0 minimum: 0 - name: max_items in: query required: false description: Maximum number of items to return. type: integer default: 100 minimum: 1 maximum: 100 - name: order_by in: query required: false description: Field to sort the items by. type: string enum: - created_at default: created_at - name: order_direction in: query required: false description: Direction to sort the items in. 
type: string enum: - asc - desc default: desc responses: "200": description: List of environments and details. schema: $ref: '#/definitions/Environments' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' post: summary: Creates a new environment. description: Creates a new environment. operationId: createEnvironment security: - basicAuth: [] tags: - environments parameters: - in: body name: environment required: true description: Configuration options for the new environment. schema: $ref: '#/definitions/CreateEnvironmentInput' responses: "201": description: New environment details. schema: $ref: '#/definitions/Environment' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /environments/{environment_id}: get: summary: Retrieves details and resource summary for an environment. description: Retrieves details and resource summary for an environment. operationId: getEnvironment security: - basicAuth: [] tags: - environments parameters: - name: environment_id in: path required: true description: Environment ID. type: string responses: "200": description: Environment details. schema: $ref: '#/definitions/EnvironmentWithSummary' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. 
schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' patch: summary: Updates an environment. description: Updates an environment. operationId: updateEnvironment security: - basicAuth: [] tags: - environments parameters: - name: environment_id in: path required: true description: Environment ID. type: string - in: body name: environment description: Environment details to update. schema: $ref: '#/definitions/UpdateEnvironmentInput' responses: "200": description: Updated environment details. schema: $ref: '#/definitions/Environment' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' delete: summary: Deletes an environment. description: Deletes an environment. operationId: deleteEnvironment security: - basicAuth: [] tags: - environments parameters: - name: environment_id in: path required: true description: Environment ID. type: string responses: "204": description: Environment deleted. "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /metadata/{provider}/permissions: post: summary: Returns the permissions required to survey and remediate resources. description: Returns the permissions required to survey and remediate resources. 
operationId: createPolicy security: - basicAuth: [] tags: - metadata parameters: - name: provider in: path required: true description: Name of the cloud provider. type: string enum: - aws - aws_govcloud - name: input in: body required: true description: List of resource types to be able to survey and remediate. schema: $ref: '#/definitions/CreatePolicyInput' responses: "201": description: Permissions for surveying and remediating the specified resource types. schema: $ref: '#/definitions/Permissions' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /metadata/{provider}/resource_types: get: summary: Lists the resource types supported by Fugue. description: Lists the resource types supported by Fugue. operationId: getResourceTypes security: - basicAuth: [] tags: - metadata parameters: - name: provider in: path required: true description: Name of the cloud provider. type: string enum: - aws - aws_govcloud - azure - name: region in: query required: false description: The AWS region for which to return resource types. Required if provider is aws or aws_govcloud. type: string - name: beta_resources in: query required: false description: Indicates whether resource types in beta will be returned. type: boolean responses: "200": description: List of supported resource types. schema: $ref: '#/definitions/ResourceTypeMetadata' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "500": description: Internal server error. 
schema: $ref: '#/definitions/InternalServerError' /scans: get: summary: Lists scans for an environment. description: Lists scans for an environment. operationId: listScans security: - basicAuth: [] tags: - scans parameters: - name: environment_id in: query required: true description: ID of the environment to retrieve scans for. type: string - name: offset in: query required: false description: Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. type: integer default: 0 minimum: 0 - name: max_items in: query required: false description: Maximum number of items to return. type: integer default: 100 minimum: 1 maximum: 100 - name: order_by in: query required: false description: Field to sort the items by. type: string enum: - created_at - finished_at - updated_at default: created_at - name: order_direction in: query required: false description: Direction to sort the items in. type: string enum: - asc - desc default: desc - name: status in: query required: false collectionFormat: multi description: Status to filter by. When not specified, all statuses will be returned. type: array items: type: string enum: - CREATED - QUEUED - IN_PROGRESS - ERROR - SUCCESS - CANCELED - name: range_from in: query required: false description: Earliest created_at time to return scans from. type: integer minimum: 0 - name: range_to in: query required: false description: Latest created_at time to return scans from. type: integer minimum: 0 responses: "200": description: List of scans. schema: $ref: '#/definitions/Scans' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' post: summary: Creates and triggers a new environment scan. 
description: Creates and triggers a new environment scan. operationId: createScan security: - basicAuth: [] tags: - scans parameters: - name: environment_id in: query required: true description: ID of the environment to scan. type: string responses: "201": description: Scan details. schema: $ref: '#/definitions/Scan' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /scans/{scan_id}: get: summary: Retrieves details for a scan. description: Retrieves details for a scan. operationId: getScan security: - basicAuth: [] tags: - scans parameters: - name: scan_id in: path required: true description: Scan ID. type: string responses: "200": description: Scan details. schema: $ref: '#/definitions/ScanWithSummary' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /scans/{scan_id}/compliance_by_rules: get: summary: Lists compliance results by rule for a scan. description: Lists compliance results by rule for a scan. operationId: getComplianceByRules security: - basicAuth: [] tags: - scans parameters: - name: scan_id in: path required: true description: Scan ID. type: string - name: offset in: query required: false description: Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. type: integer default: 0 minimum: 0 - name: max_items in: query required: false description: Maximum number of items to return. 
type: integer default: 100 minimum: 1 maximum: 100 - name: family in: query required: false collectionFormat: multi description: Compliance family to filter by. When not specified, all compliance families will be returned. type: array items: type: string - name: result in: query required: false collectionFormat: multi description: Rule result to filter by. When not specified, all results will be returned. type: array items: type: string enum: - PASS - FAIL - UNKNOWN responses: "200": description: List of compliance results from a scan grouped by rule. schema: $ref: '#/definitions/ComplianceByRules' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /scans/{scan_id}/compliance_by_resource_types: get: summary: Lists compliance results by resource type for a scan. description: Lists compliance results by resource type for a scan. operationId: getComplianceByResourceTypes security: - basicAuth: [] tags: - scans parameters: - name: scan_id in: path required: true description: Scan ID. type: string - name: offset in: query required: false description: Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. type: integer default: 0 minimum: 0 - name: max_items in: query required: false description: Maximum number of items to return. type: integer default: 100 minimum: 1 maximum: 100 - name: resource_type in: query required: false collectionFormat: multi description: Resource types to filter by. When not specified, all resource types will be returned. type: array items: type: string - name: family in: query required: false collectionFormat: multi description: Compliance family to filter by. 
When not specified, all compliance families will be returned. type: array items: type: string responses: "200": description: List of compliance results from a scan grouped by resource type. schema: $ref: '#/definitions/ComplianceByResourceTypeOutput' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /events: get: summary: Lists drift, remediation, and compliance events for an environment. description: Lists drift, remediation, and compliance events for an environment. operationId: listEvents security: - basicAuth: [] tags: - events parameters: - name: environment_id in: query required: true description: Environment ID. type: string - name: offset in: query required: false description: Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. type: integer default: 0 minimum: 0 - name: max_items in: query required: false description: Maximum number of items to return. type: integer default: 100 minimum: 1 maximum: 100 - name: range_from in: query required: false description: Earliest created_at time to return events from. type: integer minimum: 0 - name: range_to in: query required: false description: Latest created_at time to return events from. type: integer minimum: 0 - name: event_type description: Event type to filter by. When not specified, all event types will be returned. in: query type: array collectionFormat: multi items: type: string enum: - DRIFT - REMEDIATION - COMPLIANCE - name: change description: Type of change made in the event to filter by. When not specified, all change types will be returned. 
in: query type: array collectionFormat: multi items: type: string enum: - ADDED - MODIFIED - REMOVED - name: remediated description: Filter remediation results for an event by success or failure. When not specified, all remediation results will be returned. in: query type: array collectionFormat: multi items: type: string enum: - SUCCESS - FAIL - name: resource_type description: Resource types in the event to filter by. When not specified, all resource types will be returned. in: query type: array collectionFormat: multi items: type: string responses: "200": description: List of drift and remediation events. schema: $ref: '#/definitions/Events' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /notifications: get: summary: Lists details for all notifications. description: Lists details for all notifications. operationId: listNotifications security: - basicAuth: [] tags: - notifications parameters: - name: offset in: query required: false description: Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. type: integer default: 0 minimum: 0 - name: max_items in: query required: false description: Maximum number of items to return. type: integer default: 100 minimum: 1 maximum: 100 responses: "200": description: List of notification details. schema: $ref: '#/definitions/Notifications' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "500": description: Internal server error. 
schema: $ref: '#/definitions/InternalServerError' post: summary: Creates a new notification. description: Creates a new notification. operationId: createNotification security: - basicAuth: [] tags: - notifications parameters: - in: body name: notification required: true description: Configuration options for the new notification. schema: $ref: '#/definitions/CreateNotificationInput' responses: "201": description: New notification details. schema: $ref: '#/definitions/Notification' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /notifications/{notification_id}: put: summary: Updates an existing notification. description: Updates an existing notification. operationId: updateNotification security: - basicAuth: [] tags: - notifications parameters: - name: notification_id in: path required: true description: Notification ID. type: string - in: body name: notification required: true description: New configuration options for the notification. schema: $ref: '#/definitions/UpdateNotificationInput' responses: "200": description: New notification details. schema: $ref: '#/definitions/Notification' "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' delete: summary: Deletes a notification. description: Deletes a notification. 
operationId: deleteNotification security: - basicAuth: [] tags: - notifications parameters: - name: notification_id in: path required: true description: Notification ID. type: string responses: "204": description: Notification deleted. "401": description: Authentication error. schema: $ref: '#/definitions/AuthenticationError' "403": description: Authorization error. schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: Internal server error. schema: $ref: '#/definitions/InternalServerError' /rules: options: summary: CORS support. description: | Enable CORS by returning correct headers. consumes: - application/json produces: - application/json tags: - CORS responses: 200: description: Default response for CORS method headers: Access-Control-Allow-Headers: type: string Access-Control-Allow-Methods: type: string Access-Control-Allow-Origin: type: string post: operationId: createCustomRule summary: Create a new custom rule. description: | Create a new custom rule. produces: - application/json security: - basicAuth: [] parameters: - in: body name: rule required: true description: Configuration options for the new custom rule. schema: $ref: '#/definitions/CreateCustomRuleInput' tags: - customRules responses: "201": description: New custom rule details. schema: $ref: '#/definitions/CustomRuleWithErrors' "401": description: AuthenticationError schema: $ref: '#/definitions/AuthenticationError' "403": description: AuthorizationError schema: $ref: '#/definitions/AuthorizationError' "500": description: InternalServerError schema: $ref: '#/definitions/InternalServerError' get: operationId: listCustomRules summary: List custom rules. description: | Return a list of custom rules. produces: - application/json security: - basicAuth: [] parameters: - name: offset in: query required: false description: Number of items to skip before returning. 
This parameter is used when the number of items spans multiple pages. type: integer default: 0 minimum: 0 - name: max_items in: query required: false description: Maximum number of items to return. type: integer default: 100 minimum: 1 maximum: 100 tags: - customRules responses: "200": description: List of custom rules. schema: $ref: '#/definitions/CustomRules' "401": description: AuthenticationError schema: $ref: '#/definitions/AuthenticationError' "403": description: AuthorizationError schema: $ref: '#/definitions/AuthorizationError' "500": description: InternalServerError schema: $ref: '#/definitions/InternalServerError' /rules/{rule_id}: options: summary: CORS support. description: | Enable CORS by returning correct headers. consumes: - application/json produces: - application/json tags: - CORS parameters: - name: rule_id in: path required: true description: ID of the rule type: string responses: 200: description: Default response for CORS method headers: Access-Control-Allow-Headers: type: string Access-Control-Allow-Methods: type: string Access-Control-Allow-Origin: type: string get: operationId: getCustomRule summary: Get details on a single custom rule. description: | Get details on a single custom rule. produces: - application/json security: - basicAuth: [] parameters: - name: rule_id in: path required: true description: The ID of the Rule to get. type: string tags: - customRules responses: "200": description: Custom rule details. schema: $ref: '#/definitions/CustomRule' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: AuthenticationError schema: $ref: '#/definitions/AuthenticationError' "403": description: AuthorizationError schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. 
schema: $ref: '#/definitions/NotFoundError' "500": description: InternalServerError schema: $ref: '#/definitions/InternalServerError' patch: operationId: updateCustomRule summary: Update custom rule. description: | Update configuration of a custom rule. produces: - application/json security: - basicAuth: [] parameters: - name: rule_id in: path required: true description: The id of the rule to update. type: string - in: body name: rule required: true description: New configuration options for the custom rule. schema: $ref: '#/definitions/UpdateCustomRuleInput' tags: - customRules responses: "200": description: New custom rule details. schema: $ref: '#/definitions/CustomRuleWithErrors' "400": description: Bad request error. schema: $ref: '#/definitions/BadRequestError' "401": description: AuthenticationError schema: $ref: '#/definitions/AuthenticationError' "403": description: AuthorizationError schema: $ref: '#/definitions/AuthorizationError' "404": description: Not found error. schema: $ref: '#/definitions/NotFoundError' "500": description: InternalServerError schema: $ref: '#/definitions/InternalServerError' delete: operationId: deleteCustomRule summary: Delete a custom rule. description: | Delete a specified custom rule. produces: - application/json security: - basicAuth: [] parameters: - name: rule_id in: path required: true description: The id of the rule to delete. type: string tags: - customRules responses: "204": description: Custom rule deleted. "401": description: AuthenticationError schema: $ref: '#/definitions/AuthenticationError' "403": description: AuthorizationError schema: $ref: '#/definitions/AuthorizationError' "500": description: InternalServerError schema: $ref: '#/definitions/InternalServerError' /rules/test: options: summary: CORS support. description: | Enable CORS by returning correct headers. 
consumes: - application/json produces: - application/json tags: - CORS responses: 200: description: Default response for CORS method headers: Access-Control-Allow-Headers: type: string Access-Control-Allow-Methods: type: string Access-Control-Allow-Origin: type: string post: operationId: testCustomRule summary: Test a custom rule. description: | Test a custom rule using state from a scan. produces: - application/json security: - basicAuth: [] parameters: - in: body name: rule required: true description: Information about the custom rule to be tested. schema: $ref: '#/definitions/TestCustomRuleInput' tags: - customRules responses: "200": description: Validation results for the custom rule. schema: $ref: '#/definitions/TestCustomRuleOutput' "401": description: AuthenticationError schema: $ref: '#/definitions/AuthenticationError' "403": description: AuthorizationError schema: $ref: '#/definitions/AuthorizationError' "500": description: InternalServerError schema: $ref: '#/definitions/InternalServerError' /rules/test/input: options: summary: CORS support. description: | Enable CORS by returning correct headers. consumes: - application/json produces: - application/json tags: - CORS responses: 200: description: Default response for CORS method headers: Access-Control-Allow-Headers: type: string Access-Control-Allow-Methods: type: string Access-Control-Allow-Origin: type: string get: operationId: testCustomRuleInput summary: Get the input for a custom rule test. description: | Get the input against which a custom rule would be tested. produces: - application/json security: - basicAuth: [] parameters: - in: query name: scan_id required: true description: ID of the scan from which to get the custom rule test input. type: string tags: - customRules responses: "200": description: Input used for the custom rule test.
schema: $ref: '#/definitions/TestCustomRuleInputScan' "401": description: AuthenticationError schema: $ref: '#/definitions/AuthenticationError' "403": description: AuthorizationError schema: $ref: '#/definitions/AuthorizationError' "500": description: InternalServerError schema: $ref: '#/definitions/InternalServerError' definitions: ComplianceByRule: description: Compliance rule and result. type: object properties: family: description: Name of the compliance family. type: string rule: description: Name of the compliance rule. type: string result: description: Result of the rule. type: string enum: - PASS - FAIL - UNKNOWN unsurveyed_resource_types: description: List of resource types that were not surveyed and caused the result to be unknown. type: array items: type: string failed_resource_types: description: List of resource types that failed to satisfy the rule due to a required resource being omitted, with the associated error messages. type: array items: description: Resource type that failed to satisfy the rule due to a required resource being omitted, with the associated error messages. type: object properties: resource_type: description: Resource type that failed to satisfy the rule. type: string messages: description: Messages explaining why the rule failed. type: array items: type: string failed_resources: description: List of resources that failed to satisfy the rule due to a misconfiguration in the resource, with the associated error messages. type: array items: description: Resource that failed to satisfy the rule due to a misconfiguration in the resource, with the associated error messages. type: object properties: resource: $ref: '#/definitions/Resource' messages: description: Messages explaining why the rule failed. type: array items: type: string ComplianceByRules: description: Paginated list of compliance rules and results for a scan. type: object properties: items: description: Paginated list of compliance rules and results for a scan.
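# Model definitions (continued). The first entry below is the tail of a paginated
# list schema whose name and opening keys fall before this span.
        type: array
        items:
          $ref: '#/definitions/ComplianceByRule'
      is_truncated:
        description: Indicates whether there are more items at the next offset.
        type: boolean
      next_offset:
        description: Next offset to use to get the next page of items.
        type: integer
      count:
        description: Total number of items.
        type: integer
  CreateEnvironmentInput:
    description: Structure of the body for creating a new environment.
    type: object
    properties:
      name:
        description: Name of the environment.
        type: string
      provider:
        description: Name of the cloud service provider for the environment.
        type: string
        enum:
          - aws
          - aws_govcloud
          - azure
      provider_options:
        # Swagger 2.0 ignores siblings of $ref, so this description is only
        # visible to tools that choose to honour it.
        description: A dictionary of options for the provider.
        $ref: '#/definitions/ProviderOptions'
      compliance_families:
        description: List of compliance families validated against the environment.
        type: array
        items:
          type: string
      survey_resource_types:
        description: List of resource types to be surveyed.
        type: array
        items:
          type: string
      remediate_resource_types:
        description: List of resource types to be remediated if remediation is enabled.
        type: array
        items:
          type: string
      scan_schedule_enabled:
        description: Indicates if the new environment should have scans run on a schedule upon creation.
        type: boolean
      scan_interval:
        description: Time in seconds between the end of one scan to the start of the next. Must also set scan_schedule_enabled to true.
        type: integer
        # Lower bound shared with UpdateEnvironmentInput; Environment (the read
        # model) carries no minimum.
        minimum: 300
  Environment:
    description: A managed environment.
    type: object
    properties:
      id:
        description: ID of the environment.
        type: string
      tenant_id:
        description: ID of the tenant that owns the environment.
        type: string
      name:
        description: Name of the environment.
        type: string
      provider:
        description: Name of the cloud service provider for the environment.
        type: string
        enum:
          - aws
          - aws_govcloud
          - azure
      provider_options:
        # NOTE(review): this is a response model (listEnvironments / getEnvironment)
        # and it reuses the same ProviderOptions schema as the create input, which
        # includes ProviderOptionsAzure.client_secret. Swagger 2.0 has no writeOnly;
        # confirm the server omits or redacts the secret, and consider a separate
        # secret-free output schema so the contract documents that.
        $ref: '#/definitions/ProviderOptions'
      compliance_families:
        description: List of compliance families validated against the environment.
        type: array
        items:
          type: string
      baseline_id:
        description: Scan ID of the baseline if baseline is enabled.
        type: string
      drift:
        description: Indicates whether drift detection is enabled for the environment.
        type: boolean
      remediation:
        description: Indicates whether remediation is enabled for the environment.
        type: boolean
      scan_status:
        description: Status of the current or most recently completed scan for the environment.
        type: string
        enum:
          - CREATED
          - QUEUED
          - IN_PROGRESS
          - ERROR
          - SUCCESS
          - CANCELED
      scan_interval:
        description: Time in seconds between the end of one scan to the start of the next.
        type: integer
      last_scan_at:
        description: Time the current or most recently completed scan for the environment started.
        type: integer
      next_scan_at:
        description: Time the next scan will start.
        type: integer
      survey_resource_types:
        description: List of resource types surveyed for the environment.
        type: array
        items:
          type: string
      remediate_resource_types:
        description: List of resource types remediated for the environment if remediation is enabled.
        type: array
        items:
          type: string
      scan_schedule_enabled:
        description: Indicates whether the environment should have scans run on a schedule.
        type: boolean
  EnvironmentWithSummary:
    description: A managed environment with its latest scan summary.
    allOf:
      - $ref: '#/definitions/Environment'
      - type: object
        properties:
          resource_summary:
            $ref: '#/definitions/ResourceSummary'
  Environments:
    description: Paginated list of environments.
    type: object
    properties:
      items:
        description: Paginated list of environments.
        type: array
        items:
          $ref: '#/definitions/Environment'
      is_truncated:
        description: Indicates whether there are more items at the next offset.
        type: boolean
      next_offset:
        description: Next offset to use to get the next page of items.
        type: integer
      count:
        description: Total number of items.
        type: integer
  ProviderOptions:
    description: Provider options.
    type: object
    properties:
      aws:
        $ref: '#/definitions/ProviderOptionsAws'
      aws_govcloud:
        $ref: '#/definitions/ProviderOptionsAws'
      azure:
        $ref: '#/definitions/ProviderOptionsAzure'
  ProviderOptionsAws:
    description: Provider options for AWS.
    type: object
    properties:
      region:
        description: The AWS region to scan and remediate infrastructure in.
        type: string
      role_arn:
        description: AWS IAM Role ARN that will be assumed to scan and remediate infrastructure.
        type: string
        # NOTE(review): a cross-account role assumed by the service. No external-id
        # field is modelled here; confirm the trust policy returned by
        # PermissionsAws.trust_relationship scopes who may assume the role.
  ProviderOptionsAzure:
    description: Provider options for Azure.
    type: object
    properties:
      tenant_id:
        description: The tenant ID of the Azure subscription to be used
        type: string
      subscription_id:
        description: The subscription ID of the Azure subscription to be used
        type: string
      application_id:
        description: The application ID/client ID of the service principal to be used
        type: string
      client_secret:
        # Service-principal credential. Treat as write-only: this schema is also
        # reachable from the Environment response model.
        description: The client secret of the service principal to be used
        type: string
      survey_resource_groups:
        description: The resource groups to be surveyed
        type: array
        items:
          type: string
      remediate_resource_groups:
        description: The resource groups to be remediated
        type: array
        items:
          type: string
  ProviderOptionsUpdateInput:
    description: Mutable provider options.
    type: object
    properties:
      aws:
        $ref: '#/definitions/ProviderOptionsAwsUpdateInput'
      aws_govcloud:
        $ref: '#/definitions/ProviderOptionsAwsUpdateInput'
      azure:
        $ref: '#/definitions/ProviderOptionsAzureUpdateInput'
  ProviderOptionsAwsUpdateInput:
    description: Mutable provider options for AWS.
    type: object
    properties:
      role_arn:
        description: AWS IAM Role ARN that will be assumed to scan and remediate infrastructure.
        type: string
  ProviderOptionsAzureUpdateInput:
    description: Mutable provider options for Azure.
    type: object
    properties:
      application_id:
        description: The application ID/client ID of the service principal to be used
        type: string
      client_secret:
        description: The client secret of the service principal to be used
        type: string
      survey_resource_groups:
        description: The resource groups to be surveyed
        type: array
        items:
          type: string
      remediate_resource_groups:
        description: The resource groups to be remediated
        type: array
        items:
          type: string
  Resource:
    description: A resource.
    type: object
    properties:
      resource_id:
        description: Resource ID.
        type: string
      resource_type:
        description: Resource type.
        type: string
  ResourceSummary:
    description: Summary of resources for a scan.
    type: object
    properties:
      total:
        description: Total number of resources in the scan.
        type: integer
      compliant:
        description: Number of compliant resources.
        type: integer
      noncompliant:
        description: Number of noncompliant resources.
        type: integer
      rules_passed:
        description: Number of compliance rules passed.
        type: integer
      rules_failed:
        description: Number of compliance rules failed.
        type: integer
      resource_types:
        description: Number of resource types in the scan.
        type: integer
      families:
        description: Compliance summary for the compliance families run against resources for the scan.
        type: array
        items:
          description: Compliance summary for the compliance family run against resources for the scan.
          type: object
          properties:
            family:
              description: Name of the compliance family.
              type: string
            compliant:
              description: Number of compliant resources in this family.
              type: integer
            noncompliant:
              description: Number of noncompliant resources in this family.
              type: integer
            rules_passed:
              description: Number of compliance rules passed in this family.
              type: integer
            rules_failed:
              description: Number of compliance rules failed in this family.
              type: integer
  Permissions:
    description: Permissions for surveying and remediating the specified resource types.
    type: object
    properties:
      aws:
        $ref: '#/definitions/PermissionsAws'
  PermissionsAws:
    description: IAM policy required for surveying and remediating the desired resource types.
    type: object
    properties:
      policy:
        # Free-form IAM policy document; the spec does not constrain its shape.
        description: JSON policy for surveying and remediating the desired resource types.
        type: object
      trust_relationship:
        description: JSON trust relationship for IAM role
        type: object
  Scan:
    description: A scan belonging to an environment.
    type: object
    properties:
      id:
        description: ID of the scan.
        type: string
      environment_id:
        description: ID of the environment the scan belongs to.
        type: string
      created_at:
        description: Time the scan was created.
        type: integer
      updated_at:
        description: Time the scan was last updated.
        type: integer
      finished_at:
        description: Time the scan was finished.
        type: integer
      status:
        description: Status of the scan.
        type: string
        enum:
          - CREATED
          - QUEUED
          - IN_PROGRESS
          - ERROR
          - SUCCESS
          - CANCELED
      message:
        description: Message related to the scan.
        type: string
      remediation_error:
        description: Indicates whether there were any remediation errors on the scan.
        type: boolean
  ScanWithSummary:
    description: A scan belonging to an environment, with its resource summary and any per-type errors.
    allOf:
      - $ref: '#/definitions/Scan'
      - type: object
        properties:
          resource_summary:
            $ref: '#/definitions/ResourceSummary'
          resource_type_errors:
            type: array
            items:
              type: object
              properties:
                resource_type:
                  type: string
                error_message:
                  type: string
              required:
                - resource_type
                - error_message
  Scans:
    description: Paginated list of scans.
    type: object
    properties:
      items:
        description: Paginated list of scans.
        type: array
        items:
          $ref: '#/definitions/Scan'
      is_truncated:
        description: Indicates whether there are more items at the next offset.
        type: boolean
      next_offset:
        description: Next offset to use to get the next page of items.
        type: integer
      count:
        description: Total number of items.
        type: integer
  ResourceTypeMetadata:
    description: List of resource types supported by Fugue.
    type: object
    properties:
      resource_types:
        description: List of resource types supported by Fugue.
        type: array
        items:
          type: string
  Event:
    description: A drift or remediation event.
    type: object
    properties:
      id:
        type: string
        description: ID of event
      event_type:
        type: string
        description: Type of event - drift, remediation, or compliance.
        enum:
          - DRIFT
          - REMEDIATION
          - COMPLIANCE
      created_at:
        type: integer
        description: Time the event occurred.
      error:
        type: string
        description: Error message.
      resource_diff:
        # type/description next to $ref are ignored by Swagger 2.0 validators;
        # the referenced schema is what applies.
        type: object
        description: Difference between the old and new state of the resource.
        $ref: '#/definitions/ResourceDiff'
      compliance_diff:
        type: object
        description: Difference between the old and new compliance state of the resource.
        $ref: '#/definitions/ComplianceDiff'
  ResourceDiff:
    description: Difference between the old and new state of a resource after an event.
    type: object
    properties:
      resource_id:
        type: string
        description: ID of the resource given by the provider.
      resource_type:
        type: string
        description: Resource type.
      change:
        type: string
        description: Type of change which occurred.
        enum:
          - ADDED
          - MODIFIED
          - REMOVED
      attributes:
        type: array
        description: Description of the changes to the resource's attributes.
        items:
          $ref: '#/definitions/Attribute'
  ComplianceDiff:
    description: Difference between the old and new compliance state of a resource after an event.
    type: object
    properties:
      rules:
        description: List of rule evaluations that changed state after an event.
        type: array
        items:
          type: object
          properties:
            summary:
              description: Summary of the rule a resource was evaluated against.
              type: string
            old_state:
              description: The rule's evaluation state before an event.
              type: string
            new_state:
              description: The rule's evaluation state after an event.
              type: string
            old_message:
              description: The rule's error message before an event.
              type: string
            new_message:
              description: The rule's error message after an event.
              type: string
            compliance_families:
              description: The compliance families that a rule is evaluated for.
              type: array
              items:
                type: string
            controls:
              description: The compliance controls that a rule is evaluated for.
              type: array
              items:
                type: string
      # Resource-level state; the per-rule states live in `rules` above.
      old_state:
        type: string
        description: The resource's compliance state before an event.
      new_state:
        type: string
        description: The resource's compliance state after an event.
      resource_id:
        type: string
        description: ID of the resource given by the provider.
      resource_type:
        type: string
        description: Resource type.
  Attribute:
    description: Description of a change to a resource attribute.
    type: object
    properties:
      name:
        type: string
        description: Name of the attribute.
      attr_type:
        type: string
        description: Indicates whether the attribute type is input or output.
      old:
        type: string
        description: Value of the attribute before the event.
      new:
        type: string
        description: Value of the attribute as a result of the event.
      removed:
        type: boolean
        description: Indicates whether the attribute was removed.
      requires_new:
        type: boolean
        description: Indicates whether the attribute needed to be deleted and recreated.
      sensitive:
        # NOTE(review): the spec does not state whether `old`/`new` are redacted
        # when this is true; confirm before forwarding events to logs, email or
        # SNS (see Notification).
        type: boolean
        description: Indicates whether the attribute contains sensitive data.
  Events:
    description: Paginated list of drift, remediation, and compliance events.
    type: object
    properties:
      items:
        description: Paginated list of events.
        type: array
        items:
          $ref: '#/definitions/Event'
      is_truncated:
        description: Indicates whether there are more items at the next offset.
        type: boolean
      next_offset:
        description: Next offset to use to get the next page of items.
        type: integer
      count:
        description: 'Total number of items. DEPRECATED: This property no longer returns accurate counts when filters are applied and will be removed in future API versions'
        type: integer
  CreatePolicyInput:
    description: List of resource types to be able to survey and remediate.
    type: object
    properties:
      survey_resource_types:
        description: List of resource types to be able to survey.
        type: array
        items:
          type: string
      remediate_resource_types:
        description: List of resource types to be able to remediate.
        type: array
        items:
          type: string
  AuthenticationError:
    description: Error returned when the API is unable to authenticate the request.
    type: object
    properties:
      type:
        description: Type of authentication error.
        type: string
        enum:
          - AuthenticationError
          - InvalidOrMissingToken
      message:
        description: Detailed human-readable message about the authentication error.
        type: string
      code:
        description: HTTP status code for the error.
        type: integer
  AuthorizationError:
    description: Error returned when the API is unable to authorize the request.
    type: object
    properties:
      type:
        description: Type of authorization error.
        type: string
        enum:
          - AuthorizationError
          - EnvironmentAccessDenied
      message:
        description: Detailed human-readable message about the authorization error.
        type: string
      code:
        description: HTTP status code for the error.
        type: integer
  BadRequestError:
    description: Error returned when the API is presented with a bad request.
    type: object
    properties:
      type:
        description: Type of bad request.
        type: string
        enum:
          - BadRequest
          - AlreadyAttachedToDifferentTenantError
          - AlreadyAttachedToTenantError
          - AlreadyInvitedError
          - InvalidCredential
          - InvalidJSON
          - InvalidParameterValue
          - MissingParameter
          - RoleNotAssumable
          - WorkAlreadyStartedException
      message:
        description: Detailed human-readable message about the bad request.
        type: string
      code:
        description: HTTP status code for the error.
        type: integer
  InternalServerError:
    description: Error returned when the API request results in an internal server error.
    type: object
    properties:
      type:
        description: Type of internal server error.
        type: string
        enum:
          - InternalServerError
          - DatabaseError
      message:
        description: Detailed human-readable message about the internal server error.
        type: string
      code:
        description: HTTP status code for the error.
        type: integer
  NotFoundError:
    description: Error returned when the API request references a non-existent resource.
    type: object
    properties:
      type:
        description: Type of not found error.
        type: string
        enum:
          - NotFound
      message:
        description: Detailed human-readable message about the not found error.
        type: string
      code:
        description: HTTP status code for the error.
        type: integer
  UpdateEnvironmentInput:
    description: Structure of the body for updating an existing environment.
    type: object
    properties:
      name:
        description: Name of the environment.
        type: string
      provider:
        description: Name of the cloud service provider for the environment.
        type: string
        enum:
          - aws
          - aws_govcloud
          - azure
      provider_options:
        $ref: '#/definitions/ProviderOptionsUpdateInput'
      compliance_families:
        description: List of compliance families validated against the environment.
        type: array
        items:
          type: string
      baseline_id:
        description: Scan ID of the baseline if baseline is enabled.
        type: string
      remediation:
        description: Indicates whether remediation is enabled for the environment.
        type: boolean
      survey_resource_types:
        description: List of resource types surveyed for the environment.
        type: array
        items:
          type: string
      remediate_resource_types:
        description: List of resource types remediated for the environment if remediation is enabled.
        type: array
        items:
          type: string
      scan_schedule_enabled:
        description: Indicates whether an environment is scanned on a schedule.
        type: boolean
      scan_interval:
        description: Time in seconds between the end of one scan to the start of the next. Must also set scan_schedule_enabled to true.
        type: integer
        minimum: 300
  ComplianceByResourceTypeOutput:
    description: Paginated list of compliance results grouped by resource type.
    type: object
    properties:
      items:
        description: Paginated list of compliance results grouped by resource type.
        type: array
        items:
          $ref: '#/definitions/ComplianceByResourceType'
      is_truncated:
        description: Indicates whether there are more items at the next offset.
        type: boolean
      next_offset:
        description: Next offset to use to get the next page of items.
        type: integer
      count:
        description: Total number of items.
        type: integer
  ComplianceByResourceType:
    description: Compliance results for a resource type.
    type: object
    properties:
      resource_type:
        description: Name of the resource type.
        type: string
      total:
        description: Count of all resources evaluated for this resource type.
        type: integer
      compliant:
        description: Count of resources found to be fully compliant with all rules they have been evaluated against.
        type: integer
      noncompliant:
        description: List of non-compliant resources and the rules they have violated.
        type: array
        items:
          $ref: '#/definitions/NonCompliantResource'
  NonCompliantResource:
    description: Describes the rules violated by a resource.
    type: object
    properties:
      resource_id:
        description: ID of the failing resource.
        type: string
      failed_rules:
        description: List of rules and messages the resource violates.
        type: array
        items:
          type: object
          properties:
            family:
              description: Compliance family the violated rule belongs to.
              type: string
            rule:
              description: ID of the violated rule.
              type: string
            messages:
              description: Reasons the resource was found in violation of a rule.
              type: array
              items:
                type: string
  Notification:
    description: Describes configuration of a notification.
    type: object
    properties:
      notification_id:
        description: ID of the notification.
        type: string
      name:
        description: Human readable name of the notification.
        type: string
      events:
        description: List of events the notification is triggered on.
        type: array
        items:
          type: string
      environments:
        description: List of maps from environment id to name the notification is attached to.
        type: array
        items:
          type: object
          additionalProperties:
            type: string
      emails:
        description: List of email addresses the notification is delivered to.
        type: array
        items:
          type: string
      topic_arn:
        description: AWS SNS topic arn the notification is delivered to.
        type: string
      last_error:
        description: Last error recorded while processing notification. If the last notification processed had no error this field will be empty.
        type: string
      created_by:
        description: Principal that created the notification.
        type: string
      created_at:
        description: The date and time the notification was created.
        type: integer
      updated_by:
        description: Principal that last updated the notification.
        type: string
      updated_at:
        description: The date and time the notification was last updated.
        type: integer
  Notifications:
    description: Paginated result of notification lists.
    type: object
    properties:
      count:
        description: Count of all found notifications.
        type: integer
      next_offset:
        description: Next offset to use to get the next page of items.
        type: integer
      is_truncated:
        description: Indicates whether there are more items at the next offset.
        type: boolean
      items:
        description: List of notification configurations.
        type: array
        items:
          $ref: '#/definitions/Notification'
  CreateNotificationInput:
    description: Request for creating a new notification.
    type: object
    properties:
      name:
        description: Human readable name of the notification.
        type: string
      events:
        description: List of events the notification is triggered on.
        type: array
        items:
          type: string
      environments:
        description: List of environment ids the notification is attached to.
        type: array
        items:
          type: string
      emails:
        description: List of email addresses the notification is delivered to.
        type: array
        items:
          type: string
      topic_arn:
        description: AWS SNS topic arn the notification is delivered to.
        type: string
  UpdateNotificationInput:
    description: Request for updating an existing notification.
    type: object
    properties:
      name:
        description: Human readable name of the notification.
        type: string
      events:
        description: List of events the notification is triggered on.
        type: array
        items:
          type: string
      environments:
        description: List of environment ids the notification is attached to.
        type: array
        items:
          type: string
      emails:
        description: List of email addresses the notification is delivered to.
        type: array
        items:
          type: string
      topic_arn:
        description: AWS SNS topic arn the notification is delivered to.
        type: string
  CreateCustomRuleInput:
    description: Input request for creating a custom rule.
    type: object
    properties:
      name:
        description: Human readable name of the custom rule
        type: string
      source:
        description: The origin of this rule
        type: string
        enum:
          - FUGUE
          - CUSTOM
      description:
        description: Description of the custom rule
        type: string
      provider:
        description: Provider of the custom rule
        type: string
        enum:
          - AWS
          - AWS_GOVCLOUD
          - AZURE
      resource_type:
        description: Resource type to which the custom rule applies
        type: string
      rule_text:
        # Caller-supplied Rego evaluated by the service; no size limit is
        # modelled here.
        description: The rego source code for the rule
        type: string
  UpdateCustomRuleInput:
    description: Input request for updating a custom rule
    type: object
    properties:
      name:
        description: Human readable name of the custom rule
        type: string
      description:
        description: Description of the custom rule
        type: string
      status:
        description: Status of the custom rule
        type: string
        enum:
          - ENABLED
          - DISABLED
      resource_type:
        description: Resource type to which the custom rule applies
        type: string
      rule_text:
        description: Rego code used by the rule
        type: string
  CustomRule:
    description: A custom rule
    type: object
    properties:
      id:
        description: ID of the custom rule.
        type: string
      name:
        description: Human readable name of the custom rule.
        type: string
      source:
        description: The origin of this rule.
        type: string
        enum:
          - CUSTOM
      description:
        description: Description of the custom rule.
        type: string
      provider:
        description: Provider of the custom rule.
        type: string
        enum:
          - AWS
          - AWS_GOVCLOUD
          - AZURE
      resource_type:
        description: Resource type to which the custom rule applies.
        type: string
      compliance_controls:
        description: Compliance controls to which the custom rule belongs.
        type: array
        items:
          type: string
      status:
        description: The current status of the rule.
        type: string
        enum:
          - ENABLED
          - DISABLED
          - INVALID
      rule_text:
        description: The rego source code for the rule.
        type: string
      created_by:
        description: Principal that created the rule.
        type: string
      created_at:
        description: The date and time the rule was created.
        type: integer
      updated_by:
        description: Principal that last updated the rule.
        type: string
      updated_at:
        description: The date and time the rule was last updated.
        type: integer
  CustomRuleWithErrors:
    description: A custom rule and any associated syntax errors.
    allOf:
      - $ref: '#/definitions/CustomRule'
      - type: object
        properties:
          errors:
            description: Syntax errors in the rego source code.
            type: array
            items:
              $ref: '#/definitions/CustomRuleError'
  CustomRules:
    description: Paginated list of custom rules
    type: object
    properties:
      count:
        description: Total number of custom rules
        type: integer
      next_offset:
        description: Next offset to use to get the next page of items
        type: integer
      is_truncated:
        description: Indicates whether there are more items at the next offset
        type: boolean
      items:
        description: List of custom rules
        type: array
        items:
          $ref: '#/definitions/CustomRule'
  CustomRuleError:
    description: An error for a custom rule
    # Declared explicitly for consistency with every other definition; without
    # it validators accept any JSON value here.
    type: object
    properties:
      severity:
        description: Severity of the error.
        enum:
          - error
          - warning
        type: string
      text:
        description: Text describing the error
        type: string
  TestCustomRuleInput:
    description: Input request for testing a custom rule.
    type: object
    required:
      - rule_text
      - scan_id
    properties:
      resource_type:
        description: Resource type to which the custom rule applies
        type: string
      rule_text:
        description: The rego source code for the rule
        type: string
      scan_id:
        description: Scan to test the custom rule with
        type: string
  TestCustomRuleOutput:
    description: Results from testing a custom rule.
    type: object
    properties:
      errors:
        type: array
        items:
          $ref: '#/definitions/CustomRuleError'
      result:
        type: string
        enum:
          - PASS
          - FAIL
          - UNKNOWN
      resources:
        type: array
        items:
          $ref: '#/definitions/TestCustomRuleOutputResource'
  TestCustomRuleOutputResource:
    description: Test results from testing a custom rule on a single resource.
    type: object
    properties:
      id:
        description: ID of the resource.
        type: string
      result:
        description: Whether or not this single resource is compliant.
        type: string
        enum:
          - PASS
          - FAIL
          - UNKNOWN
      type:
        description: Type of the resource.
        type: string
  TestCustomRuleInputScan:
    description: Scan used as input to a custom rule.
    type: object
    properties:
      resources:
        type: array
        items:
          # Deliberately open-ended: resource shapes vary by provider/type, so
          # the spec does not validate their contents.
          type: object
          additionalProperties: true
externalDocs:
  description: Additional Risk Manager API Documentation
  url: https://riskmanagerdocs.fugue.co/api.html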