Links

Update a Snyk Cloud Environment

You can update the following attributes for a Snyk Cloud Environment:
  • AWS: Environment name and IAM role ARN (Amazon Resource Name). The new role ARN must have the same AWS account ID as the old role ARN. See Find the role ARN.
  • Google: Environment name and service account email address. The new service account email must be associated with the same project ID as the old one.
For example, you would need to update the Snyk IAM role ARN if you change the role's name in the Terraform or CloudFormation template and deploy the changes.
You can update a Snyk Cloud Environment using the following methods:

Web UI

To update an environment using the Snyk Web UI:
  1. 1.
    Navigate to your Organization's Settings (cog icon) > Cloud environments.
  2. 2.
    In the Actions column, select the ... icon for the environment you want to update.
  3. 3.
    Select Update.
    Select the ... icon to update an environment.
    Select the ... icon to update an environment.
  4. 4.
    In the General section, enter the updated environment name and/or credentials.
    Example of updating an AWS environment.
    Example of updating an AWS environment.
    Example of updating a Google environment.
    Example of updating a Google environment.
  5. 5.
    Select Save changes.

API

To update an environment using the Snyk API:

Find the environment ID

First, find the ID of the Snyk Cloud Environment you want to update. Send a request to the /cloud/environments endpoint in the below format:
curl -X GET \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments?version=2022-12-21~beta' \
-H 'Authorization: token YOUR-API-TOKEN'
In the output, look for the data.id property. In the shortened example below, the ID is 3b7ccff9-8900-4e54-0000-1234abcd1234:
{
"jsonapi": {
"version": "1.0"
},
"data": {
"id": "3b7ccff9-8900-4e54-0000-1234abcd1234",
<trimmed for length>
}
}

Update the environment

To update an environment, send a request to the /cloud/environments/{environment_id} endpoint in the format below according to cloud provider.

AWS

curl -X PATCH \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments/YOUR-ENVIRONMENT-ID?version=2022-12-21~beta' \
-H 'Authorization: token YOUR-API-TOKEN' \
-H "Content-Type:application/vnd.api+json" -d '{
"data": {
"attributes": {
"options": {
"role_arn": "YOUR-NEW-ROLE-ARN"
}
},
"type": "resource"
}
}'

Google

data.attributes.options.service_account_email is required. You can choose to explicitly specify the project ID with a data.attributes.options.project_id field, but it cannot be different from the current project ID.
curl -X PATCH \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments/YOUR-ENVIRONMENT-ID?version=2022-12-21~beta' \
-H 'Authorization: token YOUR-API-TOKEN' \
-H "Content-Type:application/vnd.api+json" -d '{
"data": {
"attributes": {
"options": {
"service_account_email": "YOUR-NEW-SERVICE-ACCOUNT-EMAIL"
}
},
"type": "resource"
}
}'

Understand the API response

Snyk returns a JSON document containing the updated environment details. For example, the response below shows an AWS environment:
{
"jsonapi": {
"version": "1.0"
},
"data": {
"id": "3b7ccff9-8900-4e54-0000-1234abcd1234",
"type": "environment",
"attributes": {
"name": "Example AWS Environment",
"options": {
"role_arn": "arn:aws:iam::123412341234:role/snyk-cloud-role-updated"
},
"native_id": "123412341234",
"properties": {
"account_id": "123412341234"
},
"kind": "aws",
"revision": 2,
"created_at": "2022-07-31T00:50:49Z",
"status": "success",
"updated_at": "2022-08-17T18:18:01Z"
},
"relationships": {
"organization": {
"data": {
"id": "d70c1768-5675-0000-1234-abcd1234abcd",
"type": "organization"
},
"links": {
"related": "/orgs/d70c1768-5675-0000-1234-abcd1234abcd?version=2022-12-21~beta"
}
}
}
}
}
The data.attributes.options and data.attributes.properties fields in the JSON output vary depending on cloud provider and show the updated information.
© 2022 Snyk Limited