Integrations permissions requirements

Created: November 1, 2023
Updated: January 12, 2024

The permissions required for the AWS and Azure integrations are listed below.

AWS API Inventory Scanning


    {
        "Action": [
            "apigateway:GET",
            "elasticloadbalancing:DescribeSSLPolicies",
            "elasticloadbalancing:DescribeLoadBalancers",
            "elasticloadbalancing:DescribeListeners",
            "elasticloadbalancing:DescribeTags",
            "elasticloadbalancing:DescribeListenerCertificates",
            "elasticloadbalancing:DescribeRules",
            "wafv2:ListWebACLs",
            "wafv2:GetWebACL",
            "waf:ListWebACLs",
            "waf:GetWebACL",
            "lambda:ListFunctions",
            "lambda:ListFunctionUrlConfigs",
            "lambda:GetFunctionUrlConfig",
            "lambda:GetFunction",
            "lambda:ListTags",
            "appsync:ListGraphqlApis",
            "appsync:GetGraphqlApi",
            "appsync:GetSchemaCreationStatus",
            "appsync:GetIntrospectionSchema",
            "appsync:ListDomainNames",
            "appsync:GetApiAssociation"
        ],
        "Resource": "*",
        "Effect": "Allow"
    }

Azure API Inventory Scanning

Assign the IAM role of Reader.

FireTail API Gateway logging in an AWS Region with AWS Lambda


    {
        "Effect": "Allow",
        "Action": "apigateway:PATCH",
        "Resource": [
            "arn:aws:apigateway:*::/restapis/*",
            "arn:aws:apigateway:*::/apis/*/stages/*"
        ]
    }
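Before attaching statements like the two above to a role, it helps to confirm which actions are read-only and whether any mutating action is granted on "Resource": "*". The following is an added example, not FireTail's code: the read-only rule (Get/List/Describe prefixes, and GET for API Gateway, whose actions are HTTP verbs) and the TOO_BROAD statement are assumptions constructed for illustration.

```python
import json

# The two statements from this page, embedded so the check runs offline.
INVENTORY = json.loads("""{"Effect": "Allow", "Resource": "*", "Action": [
  "apigateway:GET", "elasticloadbalancing:DescribeSSLPolicies",
  "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeListeners",
  "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeListenerCertificates",
  "elasticloadbalancing:DescribeRules", "wafv2:ListWebACLs", "wafv2:GetWebACL",
  "waf:ListWebACLs", "waf:GetWebACL", "lambda:ListFunctions",
  "lambda:ListFunctionUrlConfigs", "lambda:GetFunctionUrlConfig", "lambda:GetFunction",
  "lambda:ListTags", "appsync:ListGraphqlApis", "appsync:GetGraphqlApi",
  "appsync:GetSchemaCreationStatus", "appsync:GetIntrospectionSchema",
  "appsync:ListDomainNames", "appsync:GetApiAssociation"]}""")
LOGGING = json.loads("""{"Effect": "Allow", "Action": "apigateway:PATCH", "Resource": [
  "arn:aws:apigateway:*::/restapis/*", "arn:aws:apigateway:*::/apis/*/stages/*"]}""")
# Constructed counter-example (not from the page): wildcard and write on "*".
TOO_BROAD = {"Effect": "Allow", "Resource": "*",
             "Action": ["apigateway:*", "lambda:UpdateFunctionCode"]}

READ_PREFIXES = ("Get", "List", "Describe")  # assumption: AWS naming convention


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def is_read_only(action):
    service, _, name = action.partition(":")
    if not name or "*" in name or "?" in name:
        return False  # a wildcard can expand to mutating actions
    if service == "apigateway":
        return name == "GET"  # API Gateway actions are HTTP verbs
    return name.startswith(READ_PREFIXES)


def audit(statement):
    """Return (severity, action) for every allowed action that is not read-only."""
    if statement.get("Effect") != "Allow":
        return []
    unscoped = "*" in as_list(statement.get("Resource", []))
    return [("unscoped-write" if unscoped else "scoped-write", action)
            for action in as_list(statement.get("Action", []))
            if not is_read_only(action)]


if __name__ == "__main__":
    for name, stmt in [("inventory", INVENTORY), ("logging", LOGGING), ("too-broad", TOO_BROAD)]:
        print(name, audit(stmt) or "read-only")
```

Read-only does not mean non-sensitive: lambda:GetFunction, for example, returns a link for downloading the function's deployment package, so the role holding the inventory statement should still be treated as privileged.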

Learn how to set up the following integrations: