Get
/api/v1/discovery/scans/{id}/key_usage_report/aws
Get Scan Keys report.
Security
OAuth
OAuth 2.0 client credential flow, see https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.
FlowClient Credentials
Token URLhttps://api.armor.fortanix.com/api/v1/iam/session/oauth2/token
Path parameters
id
string (uuid) Required
Query parameters
DiscoveryAwsKeyUsageParams
object
filter
string
limit
integer
previous_id
string
previous_sort_value
string
sort_by
string
Responses
2XX
Success result
object
items
Array of object (DiscoveryAwsKeyUsageDetails)
object
key
object
account
object
details
object
name
string | null
id
string
arn
string
details
OneOf
object
object
$type
string
Valid values[
"acm"
]
analysis
object
is_expired
boolean
is_shared
boolean
key_algo_crypto_policy_compliance
object
is_compliant
boolean
violation_reason
string | null
overly_permissive_usage_violation
boolean
signature_crypto_policy_compliance
object
is_compliant
boolean
violation_reason
string | null
certificate_arn
string
created_at
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
domain_name
string
extended_key_usages
Array of object (DiscoveryAcmCertificateExtendedKeyUsage) | null
object
name
string
Valid values[
"any",
"code_signing",
"custom",
"email_protection",
"ipsec_end_system",
"ipsec_tunnel",
"ipsec_user",
"none",
"ocsp_signing",
"time_stamping",
"tls_web_server_authentication",
"tls_web_client_authentication",
"unknown"
]
object_identifier
string | null
issuer
string
key_algorithm
string
Valid values[
"rsa2048",
"rsa3072",
"rsa4096",
"unknown"
]
not_valid_after
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
not_valid_before
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
renewal_eligibility
string
Valid values[
"ineligible",
"eligible",
"unknown"
]
serial
string
signature_algorithm
string
Valid values[
"sha256_with_rsa",
"sha512_with_rsa",
"unknown"
]
status
string
Valid values[
"expired",
"pending",
"issued",
"failed",
"inactive",
"revoked",
"validation_timed_out",
"unknown"
]
subject_alternative_names
Array of string | null
string
used_by_services
Array of string
string
object
object
$type
string
Valid values[
"ebs"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
availability_zone
string
The region this volume will be available
kms_key_id
string | null
The arn of the key in KMS that encrypts this drive
volume_id
string | null
The ARN of the volume
volume_size
integer (int32) | null
The storage limit (in GB) of the volume
volume_state
string
Enumeration of the states that a volume may occupy.
This enum will default to the Other variant when a new variant is
found as the SDK from AWS marks their enum as "non-exhaustive"
Valid values[
"available",
"creating",
"deleted",
"deleting",
"error",
"in_use",
"other"
]
volume_type
string
Enumeration of the various types of volumes supported.
This enum will default to the Other variant when a new variant is
found as the SDK from AWS marks their enum as "non-exhaustive"
Valid values[
"gp2",
"gp3",
"io1",
"io2",
"sc1",
"st1",
"standard",
"other"
]
object
object
$type
string
Valid values[
"kms"
]
analysis
object
crypto_policy_compliance
object
is_compliant
boolean
violation_reason
string | null
is_cross_account_key
boolean | null
is_shared
boolean
overly_permissive_violations
object
management_violations
Array of object (DiscoveryKeyPolicyId)
OneOf
object
object
$type
string
Valid values[
"aws_key_policy_sid"
]
sid
string
object
object
$type
string
Valid values[
"aws_grant_id"
]
id
string
usage_violations
Array of object (DiscoveryKeyPolicyId)
OneOf
object
object
$type
string
Valid values[
"aws_key_policy_sid"
]
sid
string
object
object
$type
string
Valid values[
"aws_grant_id"
]
id
string
usage_details
object
encrypt
object
service_count
integer
usages
Array of string (DiscoveryKeyUsage) | null
string
Valid values[
"encrypt",
"unused"
]
external_key_stores
Array of object (DiscoveryAwsKmsExternalKeyStore) | null
object
id
string
name
string
key_aliases
Array of string
string
key_creation_date
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
key_id
string | null
key_manager
string
Valid values[
"aws",
"customer",
"other"
]
key_origin
string
Valid values[
"kms",
"imported",
"cloud_hsm",
"xks",
"fortanix",
"other"
]
key_rotation_status
OneOf
object
object
$type
string
Valid values[
"unknown"
]
object
object
$type
string
Valid values[
"enabled"
]
next_rotation_date
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
rotation_period
integer
Minimum0
Maximum4294967295
object
object
$type
string
Valid values[
"disabled"
]
key_spec
string
Valid values[
"rsa2048",
"rsa3072",
"rsa4096",
"ecc_nist_p256",
"ecc_nist_p384",
"ecc_nist_p521",
"ecc_secg_p256k1",
"symmetric_default",
"hmac224",
"hmac256",
"hmac384",
"hmac512",
"sm2",
"other"
]
key_state
string
Valid values[
"creating",
"enabled",
"disabled",
"pending_deletion",
"pending_import",
"pending_replica_deletion",
"unavailable",
"updating",
"other"
]
key_tags
object | null
property*
string additionalProperties
key_usage
string
Valid values[
"sign_verify",
"encrypt_decrypt",
"generate_verify_mac",
"other"
]
key_valid_to
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
last_rotated_at
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
source_scan_inventory_object
object
id
string (uuid)
scan_id
string (uuid)
object
object
$type
string
Valid values[
"s3"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
name
string
server_side_encryption_rules
Array of object (DiscoveryAwsServerSideEncryptionRule)
object
bucket_key_enabled
boolean
default_sse
object
kms_master_key
string | null
sse_algorithm
string
Valid values[
"aes256",
"kms",
"aws:kms_dsse",
"other"
]
object
object
$type
string
Valid values[
"rds"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
engine
string | null
engine_version
string | null
identifier
string | null
kms_key_id
string | null
object
object
$type
string
Valid values[
"dynamo_db"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
identifier
string | null
kms_key_id
string | null
object
object
$type
string
Valid values[
"eks"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
encryption_status
string
Valid values[
"encrypted",
"unencrypted"
]
kms_key_id
string | null
name
string
status
string
Valid values[
"active",
"creating",
"deleting",
"failed",
"pending",
"updating",
"unknown"
]
object
object
$type
string
Valid values[
"efs"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
file_system_id
string
kms_key_id
string | null
life_cycle_state
string
Valid values[
"available",
"creating",
"deleted",
"deleting",
"error",
"updating",
"unknown"
]
size
integer (int64) | null
object
object
$type
string
Valid values[
"redshift"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean
encrypted_with_overly_permissive_usage_key
boolean
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
encryption_status
string
Valid values[
"encrypted",
"unencrypted"
]
kms_key_id
string | null
name
string
status
string
Valid values[
"available",
"available_prep_for_resize",
"available_resize_cleanup",
"canceling_resize",
"creating",
"deleting",
"final_snapshot",
"hardware_failure",
"incompatible_hsm",
"incompatible_network",
"incompatible_parameters",
"incompatible_restore",
"modifying",
"paused",
"rebooting",
"renaming",
"resizing",
"rotating_keys",
"storage_full",
"updating_hsm",
"pausing",
"resuming",
"restoring",
"unknown"
]
region
string
Valid values[
"us-east-2",
"us-east-1",
"us-west-1",
"us-west-2",
"af-south-1",
"ap-east-1",
"ap-south-2",
"ap-southeast-3",
"ap-southeast-4",
"ap-south-1",
"ap-northeast-3",
"ap-northeast-2",
"ap-southeast-1",
"ap-southeast-2",
"ap-northeast-1",
"ca-central-1",
"ca-west-1",
"eu-central-1",
"eu-west-1",
"eu-west-2",
"eu-south-1",
"eu-west-3",
"eu-south-2",
"eu-north-1",
"eu-central-2",
"il-central-1",
"me-south-1",
"me-central-1",
"sa-east-1",
"us-gov-east-1",
"us-gov-west-1"
]
key_id
string
protected_services
Array of object (DiscoveryAwsObject)
object
account
object
details
object
name
string | null
id
string
arn
string
details
OneOf
object
object
$type
string
Valid values[
"acm"
]
analysis
object
is_expired
boolean
is_shared
boolean
key_algo_crypto_policy_compliance
object
is_compliant
boolean
violation_reason
string | null
overly_permissive_usage_violation
boolean
signature_crypto_policy_compliance
object
is_compliant
boolean
violation_reason
string | null
certificate_arn
string
created_at
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
domain_name
string
extended_key_usages
Array of object (DiscoveryAcmCertificateExtendedKeyUsage) | null
object
name
string
Valid values[
"any",
"code_signing",
"custom",
"email_protection",
"ipsec_end_system",
"ipsec_tunnel",
"ipsec_user",
"none",
"ocsp_signing",
"time_stamping",
"tls_web_server_authentication",
"tls_web_client_authentication",
"unknown"
]
object_identifier
string | null
issuer
string
key_algorithm
string
Valid values[
"rsa2048",
"rsa3072",
"rsa4096",
"unknown"
]
not_valid_after
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
not_valid_before
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
renewal_eligibility
string
Valid values[
"ineligible",
"eligible",
"unknown"
]
serial
string
signature_algorithm
string
Valid values[
"sha256_with_rsa",
"sha512_with_rsa",
"unknown"
]
status
string
Valid values[
"expired",
"pending",
"issued",
"failed",
"inactive",
"revoked",
"validation_timed_out",
"unknown"
]
subject_alternative_names
Array of string | null
string
used_by_services
Array of string
string
object
object
$type
string
Valid values[
"ebs"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
availability_zone
string
The region this volume will be available
kms_key_id
string | null
The arn of the key in KMS that encrypts this drive
volume_id
string | null
The ARN of the volume
volume_size
integer (int32) | null
The storage limit (in GB) of the volume
volume_state
string
Enumeration of the states that a volume may occupy.
This enum will default to the Other variant when a new variant is
found as the SDK from AWS marks their enum as "non-exhaustive"
Valid values[
"available",
"creating",
"deleted",
"deleting",
"error",
"in_use",
"other"
]
volume_type
string
Enumeration of the various types of volumes supported.
This enum will default to the Other variant when a new variant is
found as the SDK from AWS marks their enum as "non-exhaustive"
Valid values[
"gp2",
"gp3",
"io1",
"io2",
"sc1",
"st1",
"standard",
"other"
]
object
object
$type
string
Valid values[
"kms"
]
analysis
object
crypto_policy_compliance
object
is_compliant
boolean
violation_reason
string | null
is_cross_account_key
boolean | null
is_shared
boolean
overly_permissive_violations
object
management_violations
Array of object (DiscoveryKeyPolicyId)
OneOf
object
object
$type
string
Valid values[
"aws_key_policy_sid"
]
sid
string
object
object
$type
string
Valid values[
"aws_grant_id"
]
id
string
usage_violations
Array of object (DiscoveryKeyPolicyId)
OneOf
object
object
$type
string
Valid values[
"aws_key_policy_sid"
]
sid
string
object
object
$type
string
Valid values[
"aws_grant_id"
]
id
string
usage_details
object
encrypt
object
service_count
integer
usages
Array of string (DiscoveryKeyUsage) | null
string
Valid values[
"encrypt",
"unused"
]
external_key_stores
Array of object (DiscoveryAwsKmsExternalKeyStore) | null
object
id
string
name
string
key_aliases
Array of string
string
key_creation_date
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
key_id
string | null
key_manager
string
Valid values[
"aws",
"customer",
"other"
]
key_origin
string
Valid values[
"kms",
"imported",
"cloud_hsm",
"xks",
"fortanix",
"other"
]
key_rotation_status
OneOf
object
object
$type
string
Valid values[
"unknown"
]
object
object
$type
string
Valid values[
"enabled"
]
next_rotation_date
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
rotation_period
integer
Minimum0
Maximum4294967295
object
object
$type
string
Valid values[
"disabled"
]
key_spec
string
Valid values[
"rsa2048",
"rsa3072",
"rsa4096",
"ecc_nist_p256",
"ecc_nist_p384",
"ecc_nist_p521",
"ecc_secg_p256k1",
"symmetric_default",
"hmac224",
"hmac256",
"hmac384",
"hmac512",
"sm2",
"other"
]
key_state
string
Valid values[
"creating",
"enabled",
"disabled",
"pending_deletion",
"pending_import",
"pending_replica_deletion",
"unavailable",
"updating",
"other"
]
key_tags
object | null
property*
string additionalProperties
key_usage
string
Valid values[
"sign_verify",
"encrypt_decrypt",
"generate_verify_mac",
"other"
]
key_valid_to
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
last_rotated_at
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
source_scan_inventory_object
object
id
string (uuid)
scan_id
string (uuid)
object
object
$type
string
Valid values[
"s3"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
name
string
server_side_encryption_rules
Array of object (DiscoveryAwsServerSideEncryptionRule)
object
bucket_key_enabled
boolean
default_sse
object
kms_master_key
string | null
sse_algorithm
string
Valid values[
"aes256",
"kms",
"aws:kms_dsse",
"other"
]
object
object
$type
string
Valid values[
"rds"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
engine
string | null
engine_version
string | null
identifier
string | null
kms_key_id
string | null
object
object
$type
string
Valid values[
"dynamo_db"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
identifier
string | null
kms_key_id
string | null
object
object
$type
string
Valid values[
"eks"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
encryption_status
string
Valid values[
"encrypted",
"unencrypted"
]
kms_key_id
string | null
name
string
status
string
Valid values[
"active",
"creating",
"deleting",
"failed",
"pending",
"updating",
"unknown"
]
object
object
$type
string
Valid values[
"efs"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean | null
encrypted_with_overly_permissive_usage_key
boolean | null
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean | null
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
file_system_id
string
kms_key_id
string | null
life_cycle_state
string
Valid values[
"available",
"creating",
"deleted",
"deleting",
"error",
"updating",
"unknown"
]
size
integer (int64) | null
object
object
$type
string
Valid values[
"redshift"
]
analysis
object
encrypted_with_expired_key
boolean | null
encrypted_with_noncompliant_key
boolean
encrypted_with_overly_permissive_management_key
boolean
encrypted_with_overly_permissive_usage_key
boolean
encrypted_with_quantum_vulnerable_key
boolean | null
encrypted_with_shared_key
boolean
encryption_status
string
Valid values[
"unencrypted",
"encrypted_with_csp_generated_key",
"encrypted_with_platform_managed_key",
"encrypted_with_customer_managed_key"
]
key_availability
string
This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown
Valid values[
"available",
"soft_deleted",
"purged",
"cross_account",
"unknown"
]
encryption_status
string
Valid values[
"encrypted",
"unencrypted"
]
kms_key_id
string | null
name
string
status
string
Valid values[
"available",
"available_prep_for_resize",
"available_resize_cleanup",
"canceling_resize",
"creating",
"deleting",
"final_snapshot",
"hardware_failure",
"incompatible_hsm",
"incompatible_network",
"incompatible_parameters",
"incompatible_restore",
"modifying",
"paused",
"rebooting",
"renaming",
"resizing",
"rotating_keys",
"storage_full",
"updating_hsm",
"pausing",
"resuming",
"restoring",
"unknown"
]
region
string
Valid values[
"us-east-2",
"us-east-1",
"us-west-1",
"us-west-2",
"af-south-1",
"ap-east-1",
"ap-south-2",
"ap-southeast-3",
"ap-southeast-4",
"ap-south-1",
"ap-northeast-3",
"ap-northeast-2",
"ap-southeast-1",
"ap-southeast-2",
"ap-northeast-1",
"ca-central-1",
"ca-west-1",
"eu-central-1",
"eu-west-1",
"eu-west-2",
"eu-south-1",
"eu-west-3",
"eu-south-2",
"eu-north-1",
"eu-central-2",
"il-central-1",
"me-south-1",
"me-central-1",
"sa-east-1",
"us-gov-east-1",
"us-gov-west-1"
]