openapi: 3.1.0 info: title: Kion Cloud Operations API description: >- The Kion Public API provides programmatic access to manage cloud operations, governance, compliance, and financial management across AWS, Azure, GCP, and OCI. Kion is a self-hosted cloud operations platform that consolidates account provisioning, access management, compliance enforcement, and FinOps into a single interface. The API uses Bearer token authentication via Kion App API Keys and is accessible at the /api/v3/ path of your Kion instance. version: 3.10.0 contact: name: Kion Support url: https://support.kion.io license: name: Proprietary url: https://kion.io/why-kion/pricing-and-licensing/ servers: - url: https://{kion-instance}/api/v3 description: Kion Instance API Server variables: kion-instance: default: your-kion-instance.example.com description: Your Kion deployment hostname security: - bearerAuth: [] tags: - name: Accounts description: Manage cloud accounts across AWS, Azure, GCP, and OCI - name: App Configuration description: Manage Kion application configuration settings - name: Azure ARM Templates description: Manage Azure ARM templates - name: Azure Policies description: Manage Azure policies - name: Azure Roles description: Manage Azure roles - name: Cloud Access Roles description: Manage cloud access roles for OU and project level access - name: Cloud Rules description: Manage cloud rules that enforce policies on cloud accounts - name: CloudFormation Templates description: Manage AWS CloudFormation templates - name: Compliance Checks description: Manage compliance checks for auditing cloud resources - name: Compliance Standards description: Manage compliance standards grouping multiple compliance checks - name: Custom Variables description: Manage custom variables and overrides - name: Enforcements description: Manage project enforcements - name: Funding Sources description: Manage funding sources for tracking and allocating cloud spend - name: GCP IAM Roles description: Manage GCP IAM roles - name: IAM Policies description: Manage AWS IAM policies - name: Identity Management description: Manage identity management systems (IDMS) - name: Labels description: Manage labels for organizing and categorizing resources - name: Organizational Units description: Manage organizational units (OUs) for hierarchical organization - name: Permission Mappings description: Manage permission mappings at global, OU, project, and funding source levels - name: Projects description: Manage projects which are the organizational unit for attaching cloud accounts - name: SAML Group Associations description: Manage SAML group associations for SSO integration - name: Service Control Policies description: Manage AWS service control policies - name: User Groups description: Manage user groups for role-based access control - name: Users description: Manage users within the Kion platform - name: Webhooks description: Manage webhooks for event notifications paths: /account: get: operationId: listAccounts summary: Kion List accounts description: Returns a list of all cloud accounts managed by Kion. tags: - Accounts parameters: - $ref: '#/components/parameters/PageParam' - $ref: '#/components/parameters/PageSizeParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer example: 200 data: type: array items: $ref: '#/components/schemas/Account' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createAccount summary: Kion Create an account description: Creates a new cloud account in Kion. tags: - Accounts requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountCreate' responses: '201': description: Account created content: application/json: schema: type: object properties: status: type: integer example: 201 data: $ref: '#/components/schemas/Account' '401': $ref: '#/components/responses/Unauthorized' /account/{id}: get: operationId: getAccount summary: Kion Get an account description: Returns details for a specific cloud account. tags: - Accounts parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/Account' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateAccount summary: Kion Update an account description: Updates an existing cloud account. tags: - Accounts parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountUpdate' responses: '200': description: Account updated content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/Account' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /project: get: operationId: listProjects summary: Kion List projects description: Returns a list of all projects. tags: - Projects parameters: - $ref: '#/components/parameters/PageParam' - $ref: '#/components/parameters/PageSizeParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/Project' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createProject summary: Kion Create a project description: Creates a new project in Kion. tags: - Projects requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProjectCreate' responses: '201': description: Project created content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/Project' '401': $ref: '#/components/responses/Unauthorized' /project/{id}: get: operationId: getProject summary: Kion Get a project description: Returns details for a specific project. tags: - Projects parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/Project' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateProject summary: Kion Update a project description: Updates an existing project. tags: - Projects parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProjectUpdate' responses: '200': description: Project updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteProject summary: Kion Delete a project description: Deletes a project. tags: - Projects parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Project deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /project/{id}/note: get: operationId: listProjectNotes summary: Kion List project notes description: Returns notes for a specific project. tags: - Projects parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/ProjectNote' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createProjectNote summary: Kion Create a project note description: Creates a note on a project. tags: - Projects parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProjectNoteCreate' responses: '201': description: Note created '401': $ref: '#/components/responses/Unauthorized' /project/{id}/enforcement: get: operationId: listProjectEnforcements summary: Kion List project enforcements description: Returns enforcements for a specific project. tags: - Enforcements parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/ProjectEnforcement' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createProjectEnforcement summary: Kion Create a project enforcement description: Creates an enforcement on a project. tags: - Enforcements parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProjectEnforcementCreate' responses: '201': description: Enforcement created '401': $ref: '#/components/responses/Unauthorized' /project/{id}/cloud-access-role: get: operationId: listProjectCloudAccessRoles summary: Kion List project cloud access roles description: Returns cloud access roles for a specific project. tags: - Cloud Access Roles parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/CloudAccessRole' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createProjectCloudAccessRole summary: Kion Create a project cloud access role description: Creates a cloud access role on a project. tags: - Cloud Access Roles parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CloudAccessRoleCreate' responses: '201': description: Cloud access role created '401': $ref: '#/components/responses/Unauthorized' /project/{id}/permission-mapping: get: operationId: listProjectPermissionMappings summary: Kion List project permission mappings description: Returns permission mappings for a specific project. tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' post: operationId: createProjectPermissionMapping summary: Kion Create a project permission mapping description: Creates a permission mapping on a project. tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PermissionMappingCreate' responses: '201': description: Permission mapping created '401': $ref: '#/components/responses/Unauthorized' /ou: get: operationId: listOUs summary: Kion List organizational units description: Returns a list of all organizational units. tags: - Organizational Units parameters: - $ref: '#/components/parameters/PageParam' - $ref: '#/components/parameters/PageSizeParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/OU' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createOU summary: Kion Create an organizational unit description: Creates a new organizational unit. tags: - Organizational Units requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/OUCreate' responses: '201': description: OU created content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/OU' '401': $ref: '#/components/responses/Unauthorized' /ou/{id}: get: operationId: getOU summary: Kion Get an organizational unit description: Returns details for a specific organizational unit. tags: - Organizational Units parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/OU' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateOU summary: Kion Update an organizational unit description: Updates an existing organizational unit. tags: - Organizational Units parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/OUUpdate' responses: '200': description: OU updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteOU summary: Kion Delete an organizational unit description: Deletes an organizational unit. tags: - Organizational Units parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: OU deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /ou/{id}/cloud-access-role: get: operationId: listOUCloudAccessRoles summary: Kion List OU cloud access roles description: Returns cloud access roles for a specific OU. tags: - Cloud Access Roles parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' post: operationId: createOUCloudAccessRole summary: Kion Create an OU cloud access role description: Creates a cloud access role on an OU. tags: - Cloud Access Roles parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CloudAccessRoleCreate' responses: '201': description: Cloud access role created '401': $ref: '#/components/responses/Unauthorized' /ou/{id}/permission-mapping: get: operationId: listOUPermissionMappings summary: Kion List OU permission mappings description: Returns permission mappings for a specific OU. tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' post: operationId: createOUPermissionMapping summary: Kion Create an OU permission mapping description: Creates a permission mapping on an OU. tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PermissionMappingCreate' responses: '201': description: Permission mapping created '401': $ref: '#/components/responses/Unauthorized' /cloud-rule: get: operationId: listCloudRules summary: Kion List cloud rules description: Returns a list of all cloud rules. tags: - Cloud Rules responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/CloudRule' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createCloudRule summary: Kion Create a cloud rule description: Creates a new cloud rule. tags: - Cloud Rules requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CloudRuleCreate' responses: '201': description: Cloud rule created '401': $ref: '#/components/responses/Unauthorized' /cloud-rule/{id}: get: operationId: getCloudRule summary: Kion Get a cloud rule description: Returns details for a specific cloud rule. tags: - Cloud Rules parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/CloudRule' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateCloudRule summary: Kion Update a cloud rule description: Updates an existing cloud rule. tags: - Cloud Rules parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CloudRuleUpdate' responses: '200': description: Cloud rule updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteCloudRule summary: Kion Delete a cloud rule description: Deletes a cloud rule. tags: - Cloud Rules parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Cloud rule deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /compliance-check: get: operationId: listComplianceChecks summary: Kion List compliance checks description: Returns a list of all compliance checks. tags: - Compliance Checks responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/ComplianceCheck' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createComplianceCheck summary: Kion Create a compliance check description: Creates a new compliance check. tags: - Compliance Checks requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ComplianceCheckCreate' responses: '201': description: Compliance check created '401': $ref: '#/components/responses/Unauthorized' /compliance-check/{id}: get: operationId: getComplianceCheck summary: Kion Get a compliance check description: Returns details for a specific compliance check. tags: - Compliance Checks parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/ComplianceCheck' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateComplianceCheck summary: Kion Update a compliance check description: Updates an existing compliance check. tags: - Compliance Checks parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ComplianceCheckUpdate' responses: '200': description: Compliance check updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteComplianceCheck summary: Kion Delete a compliance check description: Deletes a compliance check. tags: - Compliance Checks parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Compliance check deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /compliance-standard: get: operationId: listComplianceStandards summary: Kion List compliance standards description: Returns a list of all compliance standards. tags: - Compliance Standards responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/ComplianceStandard' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createComplianceStandard summary: Kion Create a compliance standard description: Creates a new compliance standard. tags: - Compliance Standards requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ComplianceStandardCreate' responses: '201': description: Compliance standard created '401': $ref: '#/components/responses/Unauthorized' /compliance-standard/{id}: get: operationId: getComplianceStandard summary: Kion Get a compliance standard description: Returns details for a specific compliance standard. tags: - Compliance Standards parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/ComplianceStandard' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateComplianceStandard summary: Kion Update a compliance standard description: Updates an existing compliance standard. tags: - Compliance Standards parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ComplianceStandardUpdate' responses: '200': description: Compliance standard updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteComplianceStandard summary: Kion Delete a compliance standard description: Deletes a compliance standard. tags: - Compliance Standards parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Compliance standard deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /funding-source: get: operationId: listFundingSources summary: Kion List funding sources description: Returns a list of all funding sources. tags: - Funding Sources responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/FundingSource' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createFundingSource summary: Kion Create a funding source description: Creates a new funding source. tags: - Funding Sources requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/FundingSourceCreate' responses: '201': description: Funding source created '401': $ref: '#/components/responses/Unauthorized' /funding-source/{id}: get: operationId: getFundingSource summary: Kion Get a funding source description: Returns details for a specific funding source. tags: - Funding Sources parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/FundingSource' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateFundingSource summary: Kion Update a funding source description: Updates an existing funding source. tags: - Funding Sources parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/FundingSourceUpdate' responses: '200': description: Funding source updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteFundingSource summary: Kion Delete a funding source description: Deletes a funding source. tags: - Funding Sources parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Funding source deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /funding-source/{id}/permission-mapping: get: operationId: listFundingSourcePermissionMappings summary: Kion List funding source permission mappings description: Returns permission mappings for a specific funding source. tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' post: operationId: createFundingSourcePermissionMapping summary: Kion Create a funding source permission mapping description: Creates a permission mapping on a funding source. tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PermissionMappingCreate' responses: '201': description: Permission mapping created '401': $ref: '#/components/responses/Unauthorized' /label: get: operationId: listLabels summary: Kion List labels description: Returns a list of all labels. tags: - Labels responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/Label' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createLabel summary: Kion Create a label description: Creates a new label. tags: - Labels requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/LabelCreate' responses: '201': description: Label created '401': $ref: '#/components/responses/Unauthorized' /label/{id}: get: operationId: getLabel summary: Kion Get a label description: Returns details for a specific label. tags: - Labels parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/Label' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateLabel summary: Kion Update a label description: Updates an existing label. tags: - Labels parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/LabelUpdate' responses: '200': description: Label updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteLabel summary: Kion Delete a label description: Deletes a label. tags: - Labels parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Label deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /user: get: operationId: listUsers summary: Kion List users description: Returns a list of all users. tags: - Users responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/User' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createUser summary: Kion Create a user description: Creates a new user. tags: - Users requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UserCreate' responses: '201': description: User created '401': $ref: '#/components/responses/Unauthorized' /user/{id}: get: operationId: getUser summary: Kion Get a user description: Returns details for a specific user. tags: - Users parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/User' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateUser summary: Kion Update a user description: Updates an existing user. tags: - Users parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UserUpdate' responses: '200': description: User updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteUser summary: Kion Delete a user description: Deletes a user. tags: - Users parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: User deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /user-group: get: operationId: listUserGroups summary: Kion List user groups description: Returns a list of all user groups. tags: - User Groups responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/UserGroup' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createUserGroup summary: Kion Create a user group description: Creates a new user group. tags: - User Groups requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UserGroupCreate' responses: '201': description: User group created '401': $ref: '#/components/responses/Unauthorized' /user-group/{id}: get: operationId: getUserGroup summary: Kion Get a user group description: Returns details for a specific user group. tags: - User Groups parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/UserGroup' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateUserGroup summary: Kion Update a user group description: Updates an existing user group. tags: - User Groups parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UserGroupUpdate' responses: '200': description: User group updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteUserGroup summary: Kion Delete a user group description: Deletes a user group. tags: - User Groups parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: User group deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /aws-iam-policy: get: operationId: listAwsIamPolicies summary: Kion List AWS IAM policies description: Returns a list of all AWS IAM policies. tags: - IAM Policies responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/AwsIamPolicy' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createAwsIamPolicy summary: Kion Create an AWS IAM policy description: Creates a new AWS IAM policy. tags: - IAM Policies requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AwsIamPolicyCreate' responses: '201': description: Policy created '401': $ref: '#/components/responses/Unauthorized' /aws-iam-policy/{id}: get: operationId: getAwsIamPolicy summary: Kion Get an AWS IAM policy description: Returns details for a specific AWS IAM policy. tags: - IAM Policies parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateAwsIamPolicy summary: Kion Update an AWS IAM policy description: Updates an existing AWS IAM policy. tags: - IAM Policies parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AwsIamPolicyUpdate' responses: '200': description: Policy updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteAwsIamPolicy summary: Kion Delete an AWS IAM policy description: Deletes an AWS IAM policy. tags: - IAM Policies parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Policy deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /service-control-policy: get: operationId: listServiceControlPolicies summary: Kion List service control policies description: Returns a list of all AWS service control policies. tags: - Service Control Policies responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/ServiceControlPolicy' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createServiceControlPolicy summary: Kion Create a service control policy description: Creates a new AWS service control policy. tags: - Service Control Policies requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServiceControlPolicyCreate' responses: '201': description: Policy created '401': $ref: '#/components/responses/Unauthorized' /service-control-policy/{id}: get: operationId: getServiceControlPolicy summary: Kion Get a service control policy description: Returns details for a specific service control policy. tags: - Service Control Policies parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateServiceControlPolicy summary: Kion Update a service control policy description: Updates an existing service control policy. tags: - Service Control Policies parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServiceControlPolicyUpdate' responses: '200': description: Policy updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteServiceControlPolicy summary: Kion Delete a service control policy description: Deletes a service control policy. tags: - Service Control Policies parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Policy deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /aws-cloudformation-template: get: operationId: listCloudFormationTemplates summary: Kion List CloudFormation templates description: Returns a list of all AWS CloudFormation templates. tags: - CloudFormation Templates responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/CloudFormationTemplate' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createCloudFormationTemplate summary: Kion Create a CloudFormation template description: Creates a new AWS CloudFormation template. tags: - CloudFormation Templates requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CloudFormationTemplateCreate' responses: '201': description: Template created '401': $ref: '#/components/responses/Unauthorized' /aws-cloudformation-template/{id}: get: operationId: getCloudFormationTemplate summary: Kion Get a CloudFormation template description: Returns details for a specific CloudFormation template. tags: - CloudFormation Templates parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateCloudFormationTemplate summary: Kion Update a CloudFormation template description: Updates an existing CloudFormation template. tags: - CloudFormation Templates parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CloudFormationTemplateUpdate' responses: '200': description: Template updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteCloudFormationTemplate summary: Kion Delete a CloudFormation template description: Deletes a CloudFormation template. tags: - CloudFormation Templates parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Template deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /azure-arm-template: get: operationId: listAzureArmTemplates summary: Kion List Azure ARM templates description: Returns a list of all Azure ARM templates. tags: - Azure ARM Templates responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/AzureArmTemplate' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createAzureArmTemplate summary: Kion Create an Azure ARM template description: Creates a new Azure ARM template. tags: - Azure ARM Templates requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AzureArmTemplateCreate' responses: '201': description: Template created '401': $ref: '#/components/responses/Unauthorized' /azure-arm-template/{id}: get: operationId: getAzureArmTemplate summary: Kion Get an Azure ARM template description: Returns details for a specific Azure ARM template. tags: - Azure ARM Templates parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateAzureArmTemplate summary: Kion Update an Azure ARM template tags: - Azure ARM Templates parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AzureArmTemplateUpdate' responses: '200': description: Template updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteAzureArmTemplate summary: Kion Delete an Azure ARM template tags: - Azure ARM Templates parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Template deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /azure-policy: get: operationId: listAzurePolicies summary: Kion List Azure policies description: Returns a list of all Azure policies. tags: - Azure Policies responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/AzurePolicy' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createAzurePolicy summary: Kion Create an Azure policy tags: - Azure Policies requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AzurePolicyCreate' responses: '201': description: Policy created '401': $ref: '#/components/responses/Unauthorized' /azure-policy/{id}: get: operationId: getAzurePolicy summary: Kion Get an Azure policy tags: - Azure Policies parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateAzurePolicy summary: Kion Update an Azure policy tags: - Azure Policies parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AzurePolicyUpdate' responses: '200': description: Policy updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteAzurePolicy summary: Kion Delete an Azure policy tags: - Azure Policies parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Policy deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /azure-role: get: operationId: listAzureRoles summary: Kion List Azure roles description: Returns a list of all Azure roles. tags: - Azure Roles responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/AzureRole' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createAzureRole summary: Kion Create an Azure role tags: - Azure Roles requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AzureRoleCreate' responses: '201': description: Role created '401': $ref: '#/components/responses/Unauthorized' /azure-role/{id}: get: operationId: getAzureRole summary: Kion Get an Azure role tags: - Azure Roles parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateAzureRole summary: Kion Update an Azure role tags: - Azure Roles parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AzureRoleUpdate' responses: '200': description: Role updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteAzureRole summary: Kion Delete an Azure role tags: - Azure Roles parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Role deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /gcp-iam-role: get: operationId: listGcpIamRoles summary: Kion List GCP IAM roles description: Returns a list of all GCP IAM roles. tags: - GCP IAM Roles responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/GcpIamRole' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createGcpIamRole summary: Kion Create a GCP IAM role tags: - GCP IAM Roles requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GcpIamRoleCreate' responses: '201': description: Role created '401': $ref: '#/components/responses/Unauthorized' /gcp-iam-role/{id}: get: operationId: getGcpIamRole summary: Kion Get a GCP IAM role tags: - GCP IAM Roles parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateGcpIamRole summary: Kion Update a GCP IAM role tags: - GCP IAM Roles parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GcpIamRoleUpdate' responses: '200': description: Role updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteGcpIamRole summary: Kion Delete a GCP IAM role tags: - GCP IAM Roles parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Role deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /webhook: get: operationId: listWebhooks summary: Kion List webhooks description: Returns a list of all webhooks. tags: - Webhooks responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/Webhook' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createWebhook summary: Kion Create a webhook tags: - Webhooks requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WebhookCreate' responses: '201': description: Webhook created '401': $ref: '#/components/responses/Unauthorized' /webhook/{id}: get: operationId: getWebhook summary: Kion Get a webhook tags: - Webhooks parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateWebhook summary: Kion Update a webhook tags: - Webhooks parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WebhookUpdate' responses: '200': description: Webhook updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteWebhook summary: Kion Delete a webhook tags: - Webhooks parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Webhook deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /saml-group-association: get: operationId: listSamlGroupAssociations summary: Kion List SAML group associations description: Returns a list of all SAML group associations. tags: - SAML Group Associations responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/SamlGroupAssociation' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createSamlGroupAssociation summary: Kion Create a SAML group association tags: - SAML Group Associations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SamlGroupAssociationCreate' responses: '201': description: Association created '401': $ref: '#/components/responses/Unauthorized' /saml-group-association/{id}: get: operationId: getSamlGroupAssociation summary: Kion Get a SAML group association tags: - SAML Group Associations parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateSamlGroupAssociation summary: Kion Update a SAML group association tags: - SAML Group Associations parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SamlGroupAssociationUpdate' responses: '200': description: Association updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteSamlGroupAssociation summary: Kion Delete a SAML group association tags: - SAML Group Associations parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Association deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /custom-variable: get: operationId: listCustomVariables summary: Kion List custom variables description: Returns a list of all custom variables. tags: - Custom Variables responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: type: array items: $ref: '#/components/schemas/CustomVariable' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createCustomVariable summary: Kion Create a custom variable tags: - Custom Variables requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CustomVariableCreate' responses: '201': description: Variable created '401': $ref: '#/components/responses/Unauthorized' /custom-variable/{id}: get: operationId: getCustomVariable summary: Kion Get a custom variable tags: - Custom Variables parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateCustomVariable summary: Kion Update a custom variable tags: - Custom Variables parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CustomVariableUpdate' responses: '200': description: Variable updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteCustomVariable summary: Kion Delete a custom variable tags: - Custom Variables parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Variable deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /custom-variable-override: get: operationId: listCustomVariableOverrides summary: Kion List custom variable overrides description: Returns a list of all custom variable overrides. tags: - Custom Variables responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' post: operationId: createCustomVariableOverride summary: Kion Create a custom variable override tags: - Custom Variables requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CustomVariableOverrideCreate' responses: '201': description: Override created '401': $ref: '#/components/responses/Unauthorized' /custom-variable-override/{id}: get: operationId: getCustomVariableOverride summary: Kion Get a custom variable override tags: - Custom Variables parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateCustomVariableOverride summary: Kion Update a custom variable override tags: - Custom Variables parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CustomVariableOverrideUpdate' responses: '200': description: Override updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteCustomVariableOverride summary: Kion Delete a custom variable override tags: - Custom Variables parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Override deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /global-permission-mapping: get: operationId: listGlobalPermissionMappings summary: Kion List global permission mappings description: Returns a list of all global permission mappings. tags: - Permission Mappings responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' post: operationId: createGlobalPermissionMapping summary: Kion Create a global permission mapping tags: - Permission Mappings requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PermissionMappingCreate' responses: '201': description: Mapping created '401': $ref: '#/components/responses/Unauthorized' /global-permission-mapping/{id}: get: operationId: getGlobalPermissionMapping summary: Kion Get a global permission mapping tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' patch: operationId: updateGlobalPermissionMapping summary: Kion Update a global permission mapping tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PermissionMappingUpdate' responses: '200': description: Mapping updated '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteGlobalPermissionMapping summary: Kion Delete a global permission mapping tags: - Permission Mappings parameters: - $ref: '#/components/parameters/IdParam' responses: '204': description: Mapping deleted '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /idms: get: operationId: listIdms summary: Kion List identity management systems description: Returns a list of all identity management systems. tags: - Identity Management responses: '200': description: Successful response '401': $ref: '#/components/responses/Unauthorized' /app-config: get: operationId: getAppConfig summary: Kion Get application configuration description: Returns the Kion application configuration settings. tags: - App Configuration responses: '200': description: Successful response content: application/json: schema: type: object properties: status: type: integer data: $ref: '#/components/schemas/AppConfig' '401': $ref: '#/components/responses/Unauthorized' patch: operationId: updateAppConfig summary: Kion Update application configuration description: Updates the Kion application configuration settings. tags: - App Configuration requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AppConfigUpdate' responses: '200': description: Configuration updated '401': $ref: '#/components/responses/Unauthorized' components: securitySchemes: bearerAuth: type: http scheme: bearer description: >- Kion App API Key. Generate in Kion under your user profile settings. Use in the Authorization header as: Bearer YOUR_API_KEY parameters: IdParam: name: id in: path required: true description: The unique identifier of the resource in Kion schema: type: integer PageParam: name: page in: query required: false description: Page number for pagination schema: type: integer default: 1 PageSizeParam: name: page_size in: query required: false description: Number of items per page schema: type: integer default: 50 responses: Unauthorized: description: Authentication failed or API key is missing/invalid content: application/json: schema: type: object properties: status: type: integer example: 401 message: type: string example: Unauthorized NotFound: description: The requested resource was not found content: application/json: schema: type: object properties: status: type: integer example: 404 message: type: string example: Not found schemas: Account: type: object properties: id: type: integer description: Internal Kion account ID name: type: string description: Account name account_number: type: string description: Cloud provider account number or ID account_type_id: type: integer description: Account type identifier payer_id: type: integer description: Payer account ID project_id: type: integer description: Project ID the account belongs to email: type: string description: Email associated with the account linked_account_number: type: string description: Linked account number linked_role: type: string description: IAM role used for linked access start_datecode: type: string description: Start date for the account skip_access_checking: type: boolean description: Whether to skip access checking use_org_account_access_role: type: boolean description: Whether to use organization account access role labels: type: object additionalProperties: type: string description: Labels associated with the account created_at: type: string format: date-time AccountCreate: type: object required: - name - account_number - account_type_id - payer_id - project_id properties: name: type: string account_number: type: string account_type_id: type: integer payer_id: type: integer project_id: type: integer email: type: string linked_role: type: string start_datecode: type: string skip_access_checking: type: boolean use_org_account_access_role: type: boolean labels: type: object additionalProperties: type: string AccountUpdate: type: object properties: name: type: string email: type: string linked_role: type: string start_datecode: type: string skip_access_checking: type: boolean use_org_account_access_role: type: boolean labels: type: object additionalProperties: type: string Project: type: object properties: id: type: integer name: type: string description: type: string ou_id: type: integer description: Organizational unit ID default_aws_region: type: string permission_scheme_id: type: integer project_funding: type: array items: type: object properties: funding_source_id: type: integer amount: type: number start_datecode: type: string end_datecode: type: string budget: type: object properties: amount: type: number funding_source_id: type: integer labels: type: object additionalProperties: type: string archived: type: boolean auto_pay: type: boolean created_at: type: string format: date-time ProjectCreate: type: object required: - name - ou_id properties: name: type: string description: type: string ou_id: type: integer default_aws_region: type: string permission_scheme_id: type: integer project_funding: type: array items: type: object properties: funding_source_id: type: integer amount: type: number start_datecode: type: string end_datecode: type: string labels: type: object additionalProperties: type: string auto_pay: type: boolean ProjectUpdate: type: object properties: name: type: string description: type: string ou_id: type: integer default_aws_region: type: string permission_scheme_id: type: integer archived: type: boolean auto_pay: type: boolean labels: type: object additionalProperties: type: string ProjectNote: type: object properties: id: type: integer project_id: type: integer content: type: string created_by_user_id: type: integer created_at: type: string format: date-time ProjectNoteCreate: type: object required: - content properties: content: type: string ProjectEnforcement: type: object properties: id: type: integer project_id: type: integer cloud_rule_id: type: integer description: type: string overwrite: type: boolean timeframe: type: string amount: type: number threshold_type: type: string enabled: type: boolean ProjectEnforcementCreate: type: object properties: cloud_rule_id: type: integer description: type: string overwrite: type: boolean timeframe: type: string amount: type: number threshold_type: type: string enabled: type: boolean OU: type: object properties: id: type: integer name: type: string description: type: string parent_ou_id: type: integer description: Parent organizational unit ID permission_scheme_id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time OUCreate: type: object required: - name - parent_ou_id properties: name: type: string description: type: string parent_ou_id: type: integer permission_scheme_id: type: integer labels: type: object additionalProperties: type: string OUUpdate: type: object properties: name: type: string description: type: string parent_ou_id: type: integer permission_scheme_id: type: integer labels: type: object additionalProperties: type: string CloudRule: type: object properties: id: type: integer name: type: string description: type: string pre_webhook_id: type: integer post_webhook_id: type: integer built_in: type: boolean owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer aws_iam_policies: type: array items: type: integer aws_cloudformation_templates: type: array items: type: integer azure_arm_template_definitions: type: array items: type: integer azure_policy_definitions: type: array items: type: integer azure_role_definitions: type: array items: type: integer compliance_standards: type: array items: type: integer gcp_iam_roles: type: array items: type: integer internal_aws_amis: type: array items: type: integer internal_aws_service_catalog_portfolios: type: array items: type: integer ous: type: array items: type: integer projects: type: array items: type: integer service_control_policies: type: array items: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time CloudRuleCreate: type: object required: - name properties: name: type: string description: type: string pre_webhook_id: type: integer post_webhook_id: type: integer aws_iam_policies: type: array items: type: integer aws_cloudformation_templates: type: array items: type: integer azure_arm_template_definitions: type: array items: type: integer azure_policy_definitions: type: array items: type: integer azure_role_definitions: type: array items: type: integer compliance_standards: type: array items: type: integer gcp_iam_roles: type: array items: type: integer ous: type: array items: type: integer projects: type: array items: type: integer service_control_policies: type: array items: type: integer labels: type: object additionalProperties: type: string CloudRuleUpdate: type: object properties: name: type: string description: type: string pre_webhook_id: type: integer post_webhook_id: type: integer aws_iam_policies: type: array items: type: integer aws_cloudformation_templates: type: array items: type: integer azure_arm_template_definitions: type: array items: type: integer azure_policy_definitions: type: array items: type: integer azure_role_definitions: type: array items: type: integer compliance_standards: type: array items: type: integer gcp_iam_roles: type: array items: type: integer ous: type: array items: type: integer projects: type: array items: type: integer service_control_policies: type: array items: type: integer labels: type: object additionalProperties: type: string ComplianceCheck: type: object properties: id: type: integer name: type: string description: type: string cloud_provider_id: type: integer compliance_check_type_id: type: integer severity_type_id: type: integer body: type: string description: The compliance check policy body frequency_minutes: type: integer frequency_type_id: type: integer is_all_regions: type: boolean is_auto_archived: type: boolean regions: type: array items: type: string owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time ComplianceCheckCreate: type: object required: - name - cloud_provider_id - compliance_check_type_id properties: name: type: string description: type: string cloud_provider_id: type: integer compliance_check_type_id: type: integer severity_type_id: type: integer body: type: string frequency_minutes: type: integer frequency_type_id: type: integer is_all_regions: type: boolean is_auto_archived: type: boolean regions: type: array items: type: string labels: type: object additionalProperties: type: string ComplianceCheckUpdate: type: object properties: name: type: string description: type: string severity_type_id: type: integer body: type: string frequency_minutes: type: integer is_all_regions: type: boolean is_auto_archived: type: boolean regions: type: array items: type: string labels: type: object additionalProperties: type: string ComplianceStandard: type: object properties: id: type: integer name: type: string description: type: string compliance_checks: type: array items: type: integer owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time ComplianceStandardCreate: type: object required: - name properties: name: type: string description: type: string compliance_checks: type: array items: type: integer labels: type: object additionalProperties: type: string ComplianceStandardUpdate: type: object properties: name: type: string description: type: string compliance_checks: type: array items: type: integer labels: type: object additionalProperties: type: string FundingSource: type: object properties: id: type: integer name: type: string description: type: string amount: type: number start_datecode: type: string end_datecode: type: string ou_id: type: integer owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time FundingSourceCreate: type: object required: - name - amount - start_datecode - end_datecode - ou_id properties: name: type: string description: type: string amount: type: number start_datecode: type: string end_datecode: type: string ou_id: type: integer labels: type: object additionalProperties: type: string FundingSourceUpdate: type: object properties: name: type: string description: type: string amount: type: number start_datecode: type: string end_datecode: type: string labels: type: object additionalProperties: type: string Label: type: object properties: id: type: integer key: type: string value: type: string color: type: string created_at: type: string format: date-time LabelCreate: type: object required: - key - value properties: key: type: string value: type: string color: type: string LabelUpdate: type: object properties: key: type: string value: type: string color: type: string User: type: object properties: id: type: integer username: type: string first_name: type: string last_name: type: string email: type: string idms_id: type: integer enabled: type: boolean created_at: type: string format: date-time UserCreate: type: object required: - username - first_name - last_name - email - idms_id properties: username: type: string first_name: type: string last_name: type: string email: type: string idms_id: type: integer enabled: type: boolean UserUpdate: type: object properties: first_name: type: string last_name: type: string email: type: string enabled: type: boolean UserGroup: type: object properties: id: type: integer name: type: string description: type: string idms_id: type: integer users: type: array items: type: object properties: id: type: integer enabled: type: boolean created_at: type: string format: date-time UserGroupCreate: type: object required: - name - idms_id properties: name: type: string description: type: string idms_id: type: integer users: type: array items: type: object properties: id: type: integer enabled: type: boolean UserGroupUpdate: type: object properties: name: type: string description: type: string users: type: array items: type: object properties: id: type: integer enabled: type: boolean AwsIamPolicy: type: object properties: id: type: integer name: type: string description: type: string aws_iam_path: type: string policy: type: string description: JSON policy document aws_managed_policy: type: boolean owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time AwsIamPolicyCreate: type: object required: - name - policy properties: name: type: string description: type: string aws_iam_path: type: string policy: type: string aws_managed_policy: type: boolean labels: type: object additionalProperties: type: string AwsIamPolicyUpdate: type: object properties: name: type: string description: type: string aws_iam_path: type: string policy: type: string labels: type: object additionalProperties: type: string ServiceControlPolicy: type: object properties: id: type: integer name: type: string description: type: string policy: type: string description: JSON policy document owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time ServiceControlPolicyCreate: type: object required: - name - policy properties: name: type: string description: type: string policy: type: string labels: type: object additionalProperties: type: string ServiceControlPolicyUpdate: type: object properties: name: type: string description: type: string policy: type: string labels: type: object additionalProperties: type: string CloudFormationTemplate: type: object properties: id: type: integer name: type: string description: type: string template_url: type: string template_body: type: string region: type: string sns_arns: type: string terminate_protected: type: boolean owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time CloudFormationTemplateCreate: type: object required: - name properties: name: type: string description: type: string template_url: type: string template_body: type: string region: type: string sns_arns: type: string terminate_protected: type: boolean labels: type: object additionalProperties: type: string CloudFormationTemplateUpdate: type: object properties: name: type: string description: type: string template_url: type: string template_body: type: string region: type: string sns_arns: type: string terminate_protected: type: boolean labels: type: object additionalProperties: type: string AzureArmTemplate: type: object properties: id: type: integer name: type: string description: type: string resource_group_name: type: string resource_group_region: type: string template: type: string deployment_mode: type: string owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time AzureArmTemplateCreate: type: object required: - name properties: name: type: string description: type: string resource_group_name: type: string resource_group_region: type: string template: type: string deployment_mode: type: string labels: type: object additionalProperties: type: string AzureArmTemplateUpdate: type: object properties: name: type: string description: type: string resource_group_name: type: string resource_group_region: type: string template: type: string deployment_mode: type: string labels: type: object additionalProperties: type: string AzurePolicy: type: object properties: id: type: integer name: type: string description: type: string policy: type: string ct_managed: type: boolean owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time AzurePolicyCreate: type: object required: - name - policy properties: name: type: string description: type: string policy: type: string labels: type: object additionalProperties: type: string AzurePolicyUpdate: type: object properties: name: type: string description: type: string policy: type: string labels: type: object additionalProperties: type: string AzureRole: type: object properties: id: type: integer name: type: string description: type: string role_permissions: type: string built_in: type: boolean owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time AzureRoleCreate: type: object required: - name - role_permissions properties: name: type: string description: type: string role_permissions: type: string labels: type: object additionalProperties: type: string AzureRoleUpdate: type: object properties: name: type: string description: type: string role_permissions: type: string labels: type: object additionalProperties: type: string GcpIamRole: type: object properties: id: type: integer name: type: string description: type: string gcp_id: type: string gcp_role_launch_stage: type: integer role_permissions: type: array items: type: string owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time GcpIamRoleCreate: type: object required: - name - gcp_id - role_permissions properties: name: type: string description: type: string gcp_id: type: string gcp_role_launch_stage: type: integer role_permissions: type: array items: type: string labels: type: object additionalProperties: type: string GcpIamRoleUpdate: type: object properties: name: type: string description: type: string gcp_role_launch_stage: type: integer role_permissions: type: array items: type: string labels: type: object additionalProperties: type: string CloudAccessRole: type: object properties: id: type: integer name: type: string aws_iam_role_name: type: string web_access: type: boolean short_term_access_keys: type: boolean long_term_access_keys: type: boolean aws_iam_policies: type: array items: type: integer azure_role_definitions: type: array items: type: integer gcp_iam_roles: type: array items: type: integer users: type: array items: type: integer user_groups: type: array items: type: integer accounts: type: array items: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time CloudAccessRoleCreate: type: object required: - name properties: name: type: string aws_iam_role_name: type: string web_access: type: boolean short_term_access_keys: type: boolean long_term_access_keys: type: boolean aws_iam_policies: type: array items: type: integer azure_role_definitions: type: array items: type: integer gcp_iam_roles: type: array items: type: integer users: type: array items: type: integer user_groups: type: array items: type: integer accounts: type: array items: type: integer labels: type: object additionalProperties: type: string Webhook: type: object properties: id: type: integer name: type: string description: type: string url: type: string format: uri auth_type: type: string auth_token: type: string owner_users: type: array items: type: object properties: id: type: integer owner_user_groups: type: array items: type: object properties: id: type: integer labels: type: object additionalProperties: type: string created_at: type: string format: date-time WebhookCreate: type: object required: - name - url properties: name: type: string description: type: string url: type: string format: uri auth_type: type: string auth_token: type: string labels: type: object additionalProperties: type: string WebhookUpdate: type: object properties: name: type: string description: type: string url: type: string format: uri auth_type: type: string auth_token: type: string labels: type: object additionalProperties: type: string SamlGroupAssociation: type: object properties: id: type: integer assertion_name: type: string assertion_regex: type: string idms_id: type: integer user_group_mappings: type: array items: type: object properties: assertion_value: type: string user_group_id: type: integer created_at: type: string format: date-time SamlGroupAssociationCreate: type: object required: - assertion_name - assertion_regex - idms_id properties: assertion_name: type: string assertion_regex: type: string idms_id: type: integer user_group_mappings: type: array items: type: object properties: assertion_value: type: string user_group_id: type: integer SamlGroupAssociationUpdate: type: object properties: assertion_name: type: string assertion_regex: type: string user_group_mappings: type: array items: type: object properties: assertion_value: type: string user_group_id: type: integer CustomVariable: type: object properties: id: type: integer key: type: string value: type: string description: type: string labels: type: object additionalProperties: type: string created_at: type: string format: date-time CustomVariableCreate: type: object required: - key - value properties: key: type: string value: type: string description: type: string labels: type: object additionalProperties: type: string CustomVariableUpdate: type: object properties: key: type: string value: type: string description: type: string labels: type: object additionalProperties: type: string CustomVariableOverrideCreate: type: object required: - custom_variable_id - value properties: custom_variable_id: type: integer value: type: string ou_id: type: integer project_id: type: integer CustomVariableOverrideUpdate: type: object properties: value: type: string PermissionMappingCreate: type: object required: - app_role_id properties: app_role_id: type: integer user_ids: type: array items: type: integer user_group_ids: type: array items: type: integer PermissionMappingUpdate: type: object properties: app_role_id: type: integer user_ids: type: array items: type: integer user_group_ids: type: array items: type: integer AppConfig: type: object properties: id: type: integer app_name: type: string default_aws_region: type: string session_timeout: type: integer allow_long_term_access_keys: type: boolean compliance_scan_interval_minutes: type: integer AppConfigUpdate: type: object properties: app_name: type: string default_aws_region: type: string session_timeout: type: integer allow_long_term_access_keys: type: boolean compliance_scan_interval_minutes: type: integer