Step 3: Create and scan a Cloud Environment (API)

Recap You have created the Snyk Cloud IAM role. Now you can create and scan a Cloud Environment.

To send a request to the Snyk API endpoint Create New Environment to create and scan a Cloud Environment, you must provide the role’s Amazon Resource Name (ARN) in the API request body.

Find the role ARN

Follow the steps in Find the role ARN and then return here to see how to send the Snyk API request.

Send the Snyk API request

After you have the role ARN, send a request to the Snyk API in the format that follows to create the Cloud Environment:

curl -X POST \
'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments?version=2022-12-21~beta' \
-H 'Authorization: token YOUR-API-TOKEN' \
-H 'Content-Type:application/vnd.api+json' -d '{
  "data": {
    "attributes": {
      "kind": "aws",
      "name": "Example AWS Environment",
      "options": {
        "role_arn": "YOUR-ROLE-ARN"
      }
    },
    "type": "environment"
  }
}'

The preceding example is curl, but you can use any API client, such as Postman or HTTPie.

Understand the API response

The response is a JSON document containing details about your newly created Cloud Environment; for example:

{
  "jsonapi": {
    "version": "1.0"
  },
  "data": {
    "id": "3b7ccff9-8900-4e54-0000-1234abcd1234",
    "type": "environment",
    "attributes": {
      "name": "Example AWS Environment",
      "options": {
        "role_arn": "arn:aws:iam::123412341234:role/snyk-cloud-role"
      },
      "native_id": "123412341234",
      "properties": {
        "account_id": "123412341234",
        "account_alias": "example"
      },
      "kind": "aws",
      "revision": 1,
      "created_at": "2022-07-31T00:50:49Z",
      "status": "in_progress",
      "updated_at": "2022-07-31T00:50:49Z"
    },
    "relationships": {
      "organization": {
        "data": {
          "id": "d70c1768-5675-0000-1234-abcd1234abcd",
          "type": "organization"
        },
        "links": {
          "related": "/orgs/d70c1768-5675-0000-1234-abcd1234abcd?version=2022-12-21~beta"
        }
      }
    }
  }
}

Snyk automatically triggers a scan when an environment is created.

The data.attributes.status field in the JSON output is set to in_progress. This means that Snyk has created your environment and has started scanning it.

Check to see if the scan is finished

If you wish, see if the scan is finished by sending another API request in the format that follows to get environment details. You can find the environment ID in the data.id field of the JSON output when you create the environment.

curl -X GET \
  'https://api.snyk.io/rest/orgs/YOUR-ORGANIZATION-ID/cloud/environments?id=YOUR-ENVIRONMENT-ID&version=2022-12-21~beta' \
  -H 'Authorization: token YOUR-API-TOKEN'

If the data.attributes.status field in the JSON output is set to success, Snyk has finished scanning your environment.

To re-scan an environment, see Scan a Cloud Environment.

What's next?

You can now do the following:

View the cloud configuration issues Snyk finds. See Manage cloud issues.
Prioritize your vulnerabilities with cloud context.

PreviousStep 2: Create the Snyk IAM role (API)NextAzure integration for cloud configurations

Last updated 12 months ago

Was this helpful?

hashtagFind the role ARN

hashtagSend the Snyk API request

hashtagUnderstand the API response

hashtagCheck to see if the scan is finished

hashtagWhat's next?

Find the role ARN

Send the Snyk API request

Understand the API response

Check to see if the scan is finished

What's next?