Links

Step 3: Create and scan a Snyk Cloud Environment (API)

Recap You have created the Snyk Cloud IAM role. Now you can create and scan a Snyk Cloud Environment.
To send a request to the Snyk API to create and scan a Snyk Cloud Environment, you must provide the role’s Amazon Resource Name (ARN) in the API request body.

Find the role ARN

Follow the steps in Find the role ARN, then return here to learn how to send the Snyk API request.

Send the Snyk API request

After you have the role ARN, send a request to the Snyk API in the format below to create the Snyk Cloud Environment:
curl -X POST \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments?version=2022-04-13~experimental' \
-H 'Authorization: token YOUR-API-TOKEN' \
-H 'Content-Type:application/vnd.api+json' -d '{
"data": {
"attributes": {
"kind": "aws",
"name": "Example AWS Environment",
"options": {
"role_arn": "YOUR-ROLE-ARN"
}
},
"type": "environment"
}
}'
The example above uses curl, but you can use any API client, such as Postman or HTTPie.

Understand the API response

The response is a JSON document containing details about your newly created Snyk Cloud Environment; for example:
{
"jsonapi": {
"version": "1.0"
},
"data": {
"id": "3b7ccff9-8900-4e54-0000-1234abcd1234",
"type": "environment",
"attributes": {
"name": "Example AWS Environment",
"options": {
"role_arn": "arn:aws:iam::123412341234:role/snyk-cloud-role"
},
"native_id": "123412341234",
"properties": {
"account_id": "123412341234"
},
"kind": "aws",
"revision": 1,
"created_at": "2022-07-31T00:50:49Z",
"status": "in_progress",
"updated_at": "2022-07-31T00:50:49Z"
},
"relationships": {
"organization": {
"data": {
"id": "d70c1768-5675-0000-1234-abcd1234abcd",
"type": "organization"
},
"links": {
"related": "/orgs/d70c1768-5675-0000-1234-abcd1234abcd?version=2022-04-13~experimental"
}
}
}
}
}
Snyk automatically triggers a scan when an environment is created.
Note: the data.attributes.status field in the JSON output is set to in_progress. This means that Snyk has created your environment and has started scanning it.

Check if the scan is finished

Optionally, see if the scan is finished by sending another API request in the format below to get environment details. You can find the environment ID in the data.id field of the JSON output when you created the environment.
curl -X GET \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments?id=YOUR-ENVIRONMENT-ID&version=2022-04-13~experimental' \
-H 'Authorization: token YOUR-API-TOKEN'
If the data.attributes.status field in the JSON output is set to success, Snyk has finished scanning your environment.
To re-scan an environment, see Scan a Snyk Cloud Environment.

What's next?

You can now view misconfiguration issues in the API or Snyk Web UI. See Snyk cloud issues for more information.