Update a Snyk Cloud Environment
- AWS: Environment name and IAM role ARN (Amazon Resource Name). The new role ARN must have the same AWS account ID as the old role ARN. See Find the role ARN.
- Google: Environment name and service account email address. The new service account email must be associated with the same project ID as the old one.
For example, you would need to update the Snyk IAM role ARN if you change the role's name in the Terraform or CloudFormation template and deploy the changes.
You can update a Snyk Cloud Environment using the following methods:
- 1.Navigate to your Organization's Settings (cog icon) > Cloud environments.
- 2.In the Actions column, select the
...icon for the environment you want to update. - 3.Select Update.
Select the ... icon to update an environment. - 4.In the General section, enter the updated environment name and/or credentials.
Example of updating an AWS environment.
Example of updating a Google environment. - 5.Select Save changes.
To update an environment using the Snyk API:
First, find the ID of the Snyk Cloud Environment you want to update. Send a request to the
/cloud/environments endpoint in the below format:curl -X GET \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments?version=2022-12-21~beta' \
-H 'Authorization: token YOUR-API-TOKEN'
In the output, look for the
data.id property. In the shortened example below, the ID is 3b7ccff9-8900-4e54-0000-1234abcd1234:{
"jsonapi": {
"version": "1.0"
},
"data": {
"id": "3b7ccff9-8900-4e54-0000-1234abcd1234",
<trimmed for length>
}
}
To update an environment, send a request to the
/cloud/environments/{environment_id} endpoint in the format below according to cloud provider.curl -X PATCH \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments/YOUR-ENVIRONMENT-ID?version=2022-12-21~beta' \
-H 'Authorization: token YOUR-API-TOKEN' \
-H "Content-Type:application/vnd.api+json" -d '{
"data": {
"attributes": {
"options": {
"role_arn": "YOUR-NEW-ROLE-ARN"
}
},
"type": "resource"
}
}'
data.attributes.options.service_account_email is required. You can choose to explicitly specify the project ID with a data.attributes.options.project_id field, but it cannot be different from the current project ID.curl -X PATCH \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments/YOUR-ENVIRONMENT-ID?version=2022-12-21~beta' \
-H 'Authorization: token YOUR-API-TOKEN' \
-H "Content-Type:application/vnd.api+json" -d '{
"data": {
"attributes": {
"options": {
"service_account_email": "YOUR-NEW-SERVICE-ACCOUNT-EMAIL"
}
},
"type": "resource"
}
}'
Snyk returns a JSON document containing the updated environment details. For example, the response below shows an AWS environment:
{
"jsonapi": {
"version": "1.0"
},
"data": {
"id": "3b7ccff9-8900-4e54-0000-1234abcd1234",
"type": "environment",
"attributes": {
"name": "Example AWS Environment",
"options": {
"role_arn": "arn:aws:iam::123412341234:role/snyk-cloud-role-updated"
},
"native_id": "123412341234",
"properties": {
"account_id": "123412341234"
},
"kind": "aws",
"revision": 2,
"created_at": "2022-07-31T00:50:49Z",
"status": "success",
"updated_at": "2022-08-17T18:18:01Z"
},
"relationships": {
"organization": {
"data": {
"id": "d70c1768-5675-0000-1234-abcd1234abcd",
"type": "organization"
},
"links": {
"related": "/orgs/d70c1768-5675-0000-1234-abcd1234abcd?version=2022-12-21~beta"
}
}
}
}
}
The
data.attributes.options and data.attributes.properties fields in the JSON output vary depending on cloud provider and show the updated information.Last modified 1mo ago