{"files":{"SKILL.md":"---\nname: amazon-inspector\ndescription: \"Amazon Inspector API skill. Use when working with Amazon Inspector for root. Covers 37 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# Amazon Inspector\nAPI version: 2016-02-16\n\n## Auth\nAWS SigV4\n\n## Base URL\nNot specified.\n\n## Setup\n1. Configure auth: AWS SigV4\n2. Verify API access with a test request\n3. POST / -- create first resource\n\n## Endpoints\n37 endpoints across 1 group. See references/api-spec.lap for full details.\n\n### Root\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | / | Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings. |\n| POST | / | Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup. If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector access to AWS Services needed to perform security assessments. You can create up to 50 assessment targets per AWS account. You can run up to 500 concurrent agents per AWS account. For more information, see  Amazon Inspector Assessment Targets. |\n| POST | / | Creates an assessment template for the assessment target that is specified by the ARN of the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector access to AWS Services needed to perform security assessments. |\n| POST | / | Starts the generation of an exclusions preview for the specified assessment template. The exclusions preview lists the potential exclusions (ExclusionPreview) that Inspector can detect before it runs the assessment. |\n| POST | / | Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target. The created resource group is then used to create an Amazon Inspector assessment target. For more information, see CreateAssessmentTarget. |\n| POST | / | Deletes the assessment run that is specified by the ARN of the assessment run. |\n| POST | / | Deletes the assessment target that is specified by the ARN of the assessment target. |\n| POST | / | Deletes the assessment template that is specified by the ARN of the assessment template. |\n| POST | / | Describes the assessment runs that are specified by the ARNs of the assessment runs. |\n| POST | / | Describes the assessment targets that are specified by the ARNs of the assessment targets. |\n| POST | / | Describes the assessment templates that are specified by the ARNs of the assessment templates. |\n| POST | / | Describes the IAM role that enables Amazon Inspector to access your AWS account. |\n| POST | / | Describes the exclusions that are specified by the exclusions' ARNs. |\n| POST | / | Describes the findings that are specified by the ARNs of the findings. |\n| POST | / | Describes the resource groups that are specified by the ARNs of the resource groups. |\n| POST | / | Describes the rules packages that are specified by the ARNs of the rules packages. |\n| POST | / | Produces an assessment report that includes detailed and comprehensive results of a specified assessment run. |\n| POST | / | Retrieves the exclusions preview (a list of ExclusionPreview objects) specified by the preview token. You can obtain the preview token by running the CreateExclusionsPreview API. |\n| POST | / | Information about the data that is collected for the specified assessment run. |\n| POST | / | Lists the agents of the assessment runs that are specified by the ARNs of the assessment runs. |\n| POST | / | Lists the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates. |\n| POST | / | Lists the ARNs of the assessment targets within this AWS account. For more information about assessment targets, see Amazon Inspector Assessment Targets. |\n| POST | / | Lists the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets. |\n| POST | / | Lists all the event subscriptions for the assessment template that is specified by the ARN of the assessment template. For more information, see SubscribeToEvent and UnsubscribeFromEvent. |\n| POST | / | List exclusions that are generated by the assessment run. |\n| POST | / | Lists findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs. |\n| POST | / | Lists all available Amazon Inspector rules packages. |\n| POST | / | Lists all tags associated with an assessment template. |\n| POST | / | Previews the agents installed on the EC2 instances that are part of the specified assessment target. |\n| POST | / | Registers the IAM role that grants Amazon Inspector access to AWS Services needed to perform security assessments. |\n| POST | / | Removes entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists. |\n| POST | / | Sets tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template. |\n| POST | / | Starts the assessment run specified by the ARN of the assessment template. For this API to function properly, you must not exceed the limit of running up to 500 concurrent agents per AWS account. |\n| POST | / | Stops the assessment run that is specified by the ARN of the assessment run. |\n| POST | / | Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic. |\n| POST | / | Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic. |\n| POST | / | Updates the assessment target that is specified by the ARN of the assessment target. If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target. |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Create a resource?\" -> POST /\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Amazon Inspector\n@version 2016-02-16\n@auth AWS SigV4\n@endpoints 37\n@hint download_for_search\n@toc root(37)\n\n@endpoint POST /\n@desc Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings.\n@required {findingArns: [str], attributes: [Attribute]}\n@returns(200) {failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup. If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector access to AWS Services needed to perform security assessments. You can create up to 50 assessment targets per AWS account. You can run up to 500 concurrent agents per AWS account. For more information, see  Amazon Inspector Assessment Targets.\n@required {assessmentTargetName: str}\n@optional {resourceGroupArn: str}\n@returns(200) {assessmentTargetArn: str}\n\n@endpoint POST /\n@desc Creates an assessment template for the assessment target that is specified by the ARN of the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector access to AWS Services needed to perform security assessments.\n@required {assessmentTargetArn: str, assessmentTemplateName: str, durationInSeconds: int, rulesPackageArns: [str]}\n@optional {userAttributesForFindings: [Attribute]}\n@returns(200) {assessmentTemplateArn: str}\n\n@endpoint POST /\n@desc Starts the generation of an exclusions preview for the specified assessment template. The exclusions preview lists the potential exclusions (ExclusionPreview) that Inspector can detect before it runs the assessment.\n@required {assessmentTemplateArn: str}\n@returns(200) {previewToken: str}\n\n@endpoint POST /\n@desc Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target. The created resource group is then used to create an Amazon Inspector assessment target. For more information, see CreateAssessmentTarget.\n@required {resourceGroupTags: [ResourceGroupTag]}\n@returns(200) {resourceGroupArn: str}\n\n@endpoint POST /\n@desc Deletes the assessment run that is specified by the ARN of the assessment run.\n@required {assessmentRunArn: str}\n\n@endpoint POST /\n@desc Deletes the assessment target that is specified by the ARN of the assessment target.\n@required {assessmentTargetArn: str}\n\n@endpoint POST /\n@desc Deletes the assessment template that is specified by the ARN of the assessment template.\n@required {assessmentTemplateArn: str}\n\n@endpoint POST /\n@desc Describes the assessment runs that are specified by the ARNs of the assessment runs.\n@required {assessmentRunArns: [str]}\n@returns(200) {assessmentRuns: [AssessmentRun], failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Describes the assessment targets that are specified by the ARNs of the assessment targets.\n@required {assessmentTargetArns: [str]}\n@returns(200) {assessmentTargets: [AssessmentTarget], failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Describes the assessment templates that are specified by the ARNs of the assessment templates.\n@required {assessmentTemplateArns: [str]}\n@returns(200) {assessmentTemplates: [AssessmentTemplate], failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Describes the IAM role that enables Amazon Inspector to access your AWS account.\n@returns(200) {roleArn: str, valid: bool, registeredAt: str(timestamp)}\n\n@endpoint POST /\n@desc Describes the exclusions that are specified by the exclusions' ARNs.\n@required {exclusionArns: [str]}\n@optional {locale: str}\n@returns(200) {exclusions: map<str,Exclusion>, failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Describes the findings that are specified by the ARNs of the findings.\n@required {findingArns: [str]}\n@optional {locale: str}\n@returns(200) {findings: [Finding], failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Describes the resource groups that are specified by the ARNs of the resource groups.\n@required {resourceGroupArns: [str]}\n@returns(200) {resourceGroups: [ResourceGroup], failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Describes the rules packages that are specified by the ARNs of the rules packages.\n@required {rulesPackageArns: [str]}\n@optional {locale: str}\n@returns(200) {rulesPackages: [RulesPackage], failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Produces an assessment report that includes detailed and comprehensive results of a specified assessment run.\n@required {assessmentRunArn: str, reportFileFormat: str, reportType: str}\n@returns(200) {status: str, url: str?}\n\n@endpoint POST /\n@desc Retrieves the exclusions preview (a list of ExclusionPreview objects) specified by the preview token. You can obtain the preview token by running the CreateExclusionsPreview API.\n@required {assessmentTemplateArn: str, previewToken: str}\n@optional {nextToken: str, maxResults: int, locale: str}\n@returns(200) {previewStatus: str, exclusionPreviews: [ExclusionPreview]?, nextToken: str?}\n\n@endpoint POST /\n@desc Information about the data that is collected for the specified assessment run.\n@required {assessmentRunArn: str}\n@returns(200) {telemetryMetadata: [TelemetryMetadata]}\n\n@endpoint POST /\n@desc Lists the agents of the assessment runs that are specified by the ARNs of the assessment runs.\n@required {assessmentRunArn: str}\n@optional {filter: AgentFilter, nextToken: str, maxResults: int}\n@returns(200) {assessmentRunAgents: [AssessmentRunAgent], nextToken: str?}\n\n@endpoint POST /\n@desc Lists the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates.\n@optional {assessmentTemplateArns: [str], filter: AssessmentRunFilter, nextToken: str, maxResults: int}\n@returns(200) {assessmentRunArns: [str], nextToken: str?}\n\n@endpoint POST /\n@desc Lists the ARNs of the assessment targets within this AWS account. For more information about assessment targets, see Amazon Inspector Assessment Targets.\n@optional {filter: AssessmentTargetFilter, nextToken: str, maxResults: int}\n@returns(200) {assessmentTargetArns: [str], nextToken: str?}\n\n@endpoint POST /\n@desc Lists the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets.\n@optional {assessmentTargetArns: [str], filter: AssessmentTemplateFilter, nextToken: str, maxResults: int}\n@returns(200) {assessmentTemplateArns: [str], nextToken: str?}\n\n@endpoint POST /\n@desc Lists all the event subscriptions for the assessment template that is specified by the ARN of the assessment template. For more information, see SubscribeToEvent and UnsubscribeFromEvent.\n@optional {resourceArn: str, nextToken: str, maxResults: int}\n@returns(200) {subscriptions: [Subscription], nextToken: str?}\n\n@endpoint POST /\n@desc List exclusions that are generated by the assessment run.\n@required {assessmentRunArn: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {exclusionArns: [str], nextToken: str?}\n\n@endpoint POST /\n@desc Lists findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs.\n@optional {assessmentRunArns: [str], filter: FindingFilter, nextToken: str, maxResults: int}\n@returns(200) {findingArns: [str], nextToken: str?}\n\n@endpoint POST /\n@desc Lists all available Amazon Inspector rules packages.\n@optional {nextToken: str, maxResults: int}\n@returns(200) {rulesPackageArns: [str], nextToken: str?}\n\n@endpoint POST /\n@desc Lists all tags associated with an assessment template.\n@required {resourceArn: str}\n@returns(200) {tags: [Tag]}\n\n@endpoint POST /\n@desc Previews the agents installed on the EC2 instances that are part of the specified assessment target.\n@required {previewAgentsArn: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {agentPreviews: [AgentPreview], nextToken: str?}\n\n@endpoint POST /\n@desc Registers the IAM role that grants Amazon Inspector access to AWS Services needed to perform security assessments.\n@required {roleArn: str}\n\n@endpoint POST /\n@desc Removes entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists.\n@required {findingArns: [str], attributeKeys: [str]}\n@returns(200) {failedItems: map<str,FailedItemDetails>}\n\n@endpoint POST /\n@desc Sets tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template.\n@required {resourceArn: str}\n@optional {tags: [Tag]}\n\n@endpoint POST /\n@desc Starts the assessment run specified by the ARN of the assessment template. For this API to function properly, you must not exceed the limit of running up to 500 concurrent agents per AWS account.\n@required {assessmentTemplateArn: str}\n@optional {assessmentRunName: str}\n@returns(200) {assessmentRunArn: str}\n\n@endpoint POST /\n@desc Stops the assessment run that is specified by the ARN of the assessment run.\n@required {assessmentRunArn: str}\n@optional {stopAction: str}\n\n@endpoint POST /\n@desc Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic.\n@required {resourceArn: str, event: str, topicArn: str}\n\n@endpoint POST /\n@desc Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic.\n@required {resourceArn: str, event: str, topicArn: str}\n\n@endpoint POST /\n@desc Updates the assessment target that is specified by the ARN of the assessment target. If resourceGroupArn is not specified, all EC2 instances in the current AWS account and region are included in the assessment target.\n@required {assessmentTargetArn: str, assessmentTargetName: str}\n@optional {resourceGroupArn: str}\n\n@end\n"}}