Returns a AWS CloudFormation template based on AI or CI/CSA capability.
Permissions required - Managers with full scope.
API request(JSON)
"curl -n -u""USERNAME:PASSWORD""<qualys_base_url>/qps/rest/3.0/download/am/awscloudformationtemplate""--header""Accept: application/json""--header""Content-Type: application/json"
Request POST data(JSON)
{
"ServiceRequest":{
"data":{
"AwsCloudformationTemplate":{
"awsCloudType":"Global",
"externalId":"p11-1234-12129126127",
"capability":"AI"
}
}
}
}
Response(JSON)
{
"AWSTemplateFormatVersion":"2010-09-09",
"Description":" IAM Role for Qualys EC2 Connector to fetch instances",
"Outputs":{
"RoleARN":{
"Description":"The ARN of the role that can be assumed by the Qualys EC2 Connector",
"Value":{
"Fn::GetAtt":[
"QualysRole",
"Arn"
]
}
}
},
"Resources":{
"QualysRole":{
"Type":"AWS::IAM::Role",
"Properties":{
"RoleName":"Role_For_QualysEC2Connector",
"AssumeRolePolicyDocument":{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"",
"Effect":"Allow",
"Principal":{
"AWS":"arn:aws:iam::xxxxxxxx:root"
},
"Action":"sts:AssumeRole",
"Condition":{
"StringEquals":{
"sts:ExternalId":"p19-1234-12129126127"
}
}
}
]
},
"Policies":[
{
"PolicyDocument":{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"",
"Effect":"Allow",
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeAddresses",
"ec2:DescribeImages"
],
"Resource":"*"
}
]
},
"PolicyName":"IAM_Policy_For_EC2Connector"
}
]
}
}
}
}