Connectors - List
Cloud accounts connectors of a subscription
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/connectors?api-version=2020-01-01-preview
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
subscription | path | True | string | Azure subscription ID Regex pattern: |
api-version | query | True | string | API version for the operation |
Responses
Name | Type | Description |
---|---|---|
200 OK | | OK |
Other Status Codes | | Error response describing why the operation failed |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Get all cloud accounts connectors of a subscription
Sample Request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors?api-version=2020-01-01-preview
Sample Response
{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/aws_dev1",
      "name": "aws_dev1",
      "type": "Microsoft.Security/connectors",
      "properties": {
        "hybridComputeSettings": {
          "hybridComputeProvisioningState": "Valid",
          "autoProvision": "On",
          "resourceGroupName": "AwsConnectorRG",
          "region": "West US 2",
          "proxyServer": {
            "ip": "287.221.107.152",
            "port": "34"
          },
          "servicePrincipal": {
            "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
          }
        },
        "authenticationDetails": {
          "authenticationProvisioningState": "Valid",
          "grantedPermissions": [
            "AWS::AWSSecurityHubReadOnlyAccess",
            "AWS::SecurityAudit",
            "AWS::AmazonSSMAutomationRole"
          ],
          "authenticationType": "awsCreds",
          "accountId": "922315681122",
          "awsAccessKeyId": "",
          "awsSecretAccessKey": ""
        }
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/aws_dev2",
      "name": "aws_dev2",
      "type": "Microsoft.Security/connectors",
      "properties": {
        "hybridComputeSettings": {
          "hybridComputeProvisioningState": "Valid",
          "autoProvision": "On",
          "resourceGroupName": "AwsConnectorRG",
          "region": "West US 2",
          "proxyServer": {
            "ip": "167.210.187.160",
            "port": "34"
          },
          "servicePrincipal": {
            "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
          }
        },
        "authenticationDetails": {
          "authenticationProvisioningState": "Valid",
          "grantedPermissions": [
            "AWS::AWSSecurityHubReadOnlyAccess",
            "AWS::SecurityAudit",
            "AWS::AmazonSSMAutomationRole"
          ],
          "authenticationType": "awsAssumeRole",
          "accountId": "81231569658",
          "awsAssumeRoleArn": "arn:aws:iam::81231569658:role/AscConnector",
          "awsExternalId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
        }
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/gcp_dev",
      "name": "gcp_dev",
      "type": "Microsoft.Security/connectors",
      "properties": {
        "hybridComputeSettings": {
          "hybridComputeProvisioningState": "Invalid",
          "autoProvision": "Off",
          "resourceGroupName": "",
          "region": "",
          "proxyServer": null,
          "servicePrincipal": null
        },
        "authenticationDetails": {
          "authenticationProvisioningState": "Valid",
          "grantedPermissions": [
            "GCP::Security Center Admin Viewer"
          ],
          "authenticationType": "gcpCredentials",
          "organizationId": "AscDemoOrg",
          "type": "",
          "projectId": "",
          "privateKeyId": "",
          "privateKey": "",
          "clientEmail": "",
          "clientId": "",
          "authUri": "",
          "tokenUri": "",
          "authProviderX509CertUrl": "",
          "clientX509CertUrl": ""
        }
      }
    }
  ]
}
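An added example, not part of the original reference: Python code that audits a Connectors - List response using the field names and enum values documented on this page. It follows `nextLink`, flags `awsCreds` connectors (a static access key instead of a delegated role), provisioning states other than `Valid`, and any secret-bearing write-only field that comes back non-empty. `fetch_page`, the page keys and the sample data are constructed assumptions.

```python
WRITE_ONLY = ("awsAccessKeyId", "awsSecretAccessKey", "privateKey", "privateKeyId")


def iter_connectors(fetch_page, first_url):
    """Yield every connector, following nextLink until it is absent."""
    url, seen = first_url, set()
    while url and url not in seen:  # stop if nextLink ever loops back
        seen.add(url)
        page = fetch_page(url)  # fetch_page: hypothetical callable, URL -> parsed JSON
        yield from page.get("value", [])
        url = page.get("nextLink")


def audit(connector):
    """Return the findings for one ConnectorSetting object."""
    props = connector.get("properties") or {}
    auth = props.get("authenticationDetails") or {}
    hybrid = props.get("hybridComputeSettings") or {}
    findings = []
    if auth.get("authenticationType") == "awsCreds":
        findings.append("static AWS access key; prefer awsAssumeRole")
    state = auth.get("authenticationProvisioningState")
    if state != "Valid":
        findings.append(f"authentication state is {state}")
    # The service principal only matters when Arc auto-provisioning is on.
    sp_state = hybrid.get("hybridComputeProvisioningState")
    if hybrid.get("autoProvision") == "On" and sp_state != "Valid":
        findings.append(f"service principal state is {sp_state}")
    leaked = [k for k in WRITE_ONLY if auth.get(k)]
    if leaked:
        findings.append("write-only fields returned: " + ", ".join(leaked))
    return findings


# Constructed two-page response, trimmed to the fields the audit reads.
PAGES = {
    "page1": {"nextLink": "page2", "value": [{"name": "aws_dev1", "properties": {
        "hybridComputeSettings": {"autoProvision": "On", "hybridComputeProvisioningState": "Valid"},
        "authenticationDetails": {"authenticationType": "awsCreds", "awsSecretAccessKey": "",
                                  "authenticationProvisioningState": "Valid"}}}]},
    "page2": {"value": [{"name": "aws_dev2", "properties": {
        "hybridComputeSettings": {"autoProvision": "On", "hybridComputeProvisioningState": "Expired"},
        "authenticationDetails": {"authenticationType": "awsAssumeRole",
                                  "authenticationProvisioningState": "IncorrectPolicy"}}}]},
}


def run_audit():
    return {c["name"]: audit(c) for c in iter_connectors(PAGES.get, "page1")}
```

In real use, `fetch_page` would issue the authenticated GET shown in the sample request and return the parsed JSON body.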
Definitions
Name | Description |
---|---|
authentication | State of the multi-cloud connector |
auto | Whether or not to automatically install Azure Arc (hybrid compute) agents on machines |
Aw | AWS cloud account connector based on assume role. The role enables delegating access to your AWS resources and is composed of a role Amazon Resource Name (ARN) and an external ID. For more details, refer to Creating a Role to Delegate Permissions to an IAM User (write only) |
Aws | AWS cloud account connector based on credentials. The credentials are composed of an access key ID and a secret key. For more details, refer to Creating an IAM User in Your AWS Account (write only) |
Cloud | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
Cloud | The error detail. |
Connector | The connector setting |
Connector | For a subscription, list of all cloud account connectors and their settings |
Error | The resource management error additional info. |
Gcp | GCP cloud account connector based on service-to-service credentials. The credentials are composed of the organization ID and a JSON API key (write only) |
hybrid | State of the service principal and its secret |
Hybrid | Settings for hybrid compute management |
Permission | A permission detected in the cloud account. |
Proxy | For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use. |
Service | Details of the service principal. |
authenticationProvisioningState
State of the multi-cloud connector
Name | Type | Description |
---|---|---|
Expired | string | The connection has expired |
IncorrectPolicy | string | Incorrect policy of the connector |
Invalid | string | Invalid connector |
Valid | string | Valid connector |
autoProvision
Whether or not to automatically install Azure Arc (hybrid compute) agents on machines
Name | Type | Description |
---|---|---|
Off | string | Do not install Azure Arc agent on the machines automatically |
On | string | Install missing Azure Arc agents on machines automatically |
AwAssumeRoleAuthenticationDetailsProperties
AWS cloud account connector based on assume role. The role enables delegating access to your AWS resources and is composed of a role Amazon Resource Name (ARN) and an external ID. For more details, refer to Creating a Role to Delegate Permissions to an IAM User (write only)
Name | Type | Description |
---|---|---|
accountId | string | The ID of the cloud account |
authenticationProvisioningState | | State of the multi-cloud connector |
authenticationType | string: aws | Connect to your cloud account. For AWS, use either account credentials or role-based authentication. For GCP, use account organization credentials. |
awsAssumeRoleArn | string | Assumed role ID is an identifier that you can use to create temporary security credentials. |
awsExternalId | string | A unique identifier that is required when you assume a role in another account. |
grantedPermissions | | The permissions detected in the cloud account. |
AwsCredsAuthenticationDetailsProperties
AWS cloud account connector based on credentials. The credentials are composed of an access key ID and a secret key. For more details, refer to Creating an IAM User in Your AWS Account (write only)
Name | Type | Description |
---|---|---|
accountId | string | The ID of the cloud account |
authenticationProvisioningState | | State of the multi-cloud connector |
authenticationType | string: aws | Connect to your cloud account. For AWS, use either account credentials or role-based authentication. For GCP, use account organization credentials. |
awsAccessKeyId | string | Public key element of the AWS credential object (write only) |
awsSecretAccessKey | string | Secret key element of the AWS credential object (write only) |
grantedPermissions | | The permissions detected in the cloud account. |
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)
Name | Type | Description |
---|---|---|
error.additionalInfo | | The error additional info. |
error.code | string | The error code. |
error.details | | The error details. |
error.message | string | The error message. |
error.target | string | The error target. |
CloudErrorBody
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo | | The error additional info. |
code | string | The error code. |
details | | The error details. |
message | string | The error message. |
target | string | The error target. |
ConnectorSetting
The connector setting
Name | Type | Description |
---|---|---|
id | string | Resource Id |
name | string | Resource name |
properties.authenticationDetails | AuthenticationDetailsProperties: | Settings for authentication management. These settings are relevant only for the cloud connector. |
properties.hybridComputeSettings | | Settings for hybrid compute management. These settings are relevant only for Arc autoProvision (Hybrid Compute). |
type | string | Resource type |
ConnectorSettingList
For a subscription, list of all cloud account connectors and their settings
Name | Type | Description |
---|---|---|
nextLink | string | The URI to fetch the next page. |
value | | List of all the cloud account connector settings |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info | object | The additional info. |
type | string | The additional info type. |
GcpCredentialsDetailsProperties
GCP cloud account connector based on service-to-service credentials. The credentials are composed of the organization ID and a JSON API key (write only)
Name | Type | Description |
---|---|---|
authProviderX509CertUrl | string | Auth provider x509 certificate URL field of the API key (write only) |
authUri | string | Auth URI field of the API key (write only) |
authenticationProvisioningState | | State of the multi-cloud connector |
authenticationType | string: gcp | Connect to your cloud account. For AWS, use either account credentials or role-based authentication. For GCP, use account organization credentials. |
clientEmail | string | Client email field of the API key (write only) |
clientId | string | Client ID field of the API key (write only) |
clientX509CertUrl | string | Client x509 certificate URL field of the API key (write only) |
grantedPermissions | | The permissions detected in the cloud account. |
organizationId | string | The organization ID of the GCP cloud account |
privateKey | string | Private key field of the API key (write only) |
privateKeyId | string | Private key ID field of the API key (write only) |
projectId | string | Project ID field of the API key (write only) |
tokenUri | string | Token URI field of the API key (write only) |
type | string | Type field of the API key (write only) |
hybridComputeProvisioningState
State of the service principal and its secret
Name | Type | Description |
---|---|---|
Expired | string | The service principal details are expired |
Invalid | string | Invalid service principal details. |
Valid | string | Valid service principal details. |
HybridComputeSettingsProperties
Settings for hybrid compute management
Name | Type | Description |
---|---|---|
autoProvision | | Whether or not to automatically install Azure Arc (hybrid compute) agents on machines |
hybridComputeProvisioningState | | State of the service principal and its secret |
proxyServer | | For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use. |
region | string | The location where the metadata of machines will be stored |
resourceGroupName | string | The name of the resource group where Arc (Hybrid Compute) connectors are connected. |
servicePrincipal | | An object to access resources that are secured by an Azure AD tenant. |
PermissionProperty
A permission detected in the cloud account.
Name | Type | Description |
---|---|---|
AWS::AWSSecurityHubReadOnlyAccess | string | This permission provides read only access to AWS Security Hub resources. |
AWS::AmazonSSMAutomationRole | string | The permission provides for EC2 Automation service to execute activities defined within Automation documents. |
AWS::SecurityAudit | string | This permission grants access to read security configuration metadata. |
GCP::Security Center Admin Viewer | string | This permission provides read only access to GCP Security Command Center. |
ProxyServerProperties
For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.
Name | Type | Description |
---|---|---|
ip | string | Proxy server IP |
port | string | Proxy server port |
ServicePrincipalProperties
Details of the service principal.
Name | Type | Description |
---|---|---|
applicationId | string | Application ID of service principal. |
secret | string | A secret string that the application uses to prove its identity; also referred to as the application password (write only). |