# Cloud Platforms and Data Providers You can manage Veza integrations using the management API and a Veza admin [API key](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/authentication). Use these operations to configure and manage cloud platform integrations including AWS, Azure, Google Cloud, Snowflake, SQL Server, and Trino providers. Each provider type has specific configuration requirements and optional parameters for controlling discovery scope. ## Provider Types Use the `ListProviderTypes` endpoint to retrieve all provider types available in your tenant, including both Veza-managed integrations and custom OAA provider types. #### List Provider Types {% openapi src="" path="/api/v1/providers/types" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} The response includes: * **`provider_types`**: Veza-managed provider types such as `AWS`, `AZURE`, `GOOGLE_CLOUD`, `OKTA`, `ACTIVE_DIRECTORY`, `GITHUB`, `SNOWFLAKE`, `SALESFORCE`, `KUBERNETES`, and others. Each entry includes `enabled: true` if the tenant has at least one configured provider instance of that type. * **`unregistered_custom_provider_types`**: OAA provider types present in the tenant that do not have a registered Veza configuration definition. Each `ProviderType` includes a `schema_integration_type` field — use this value (not `type`) when filtering by `integration_type` in assessment queries. The values are not always a direct transformation of the `type` identifier (e.g., `GOOGLE_CLOUD` → `google`, `ONE_LOGIN` → `onelogin`, `MYSQL` → `my_sql`). For detailed integration guides, see the [Integrations documentation](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations). ## Authentication You will need an API token with administrator permissions to manage provider configurations. See [API Authentication](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/authentication) for details. ## Common Provider Properties All provider configurations share these common properties: * `id` (String): Unique identifier for the provider configuration * `vendor_id` (String): Provider-specific identifier (e.g., AWS account ID) * `name` (String): Display name for the provider * `type` (String): Provider type (AWS, AZURE, GOOGLE\_CLOUD, etc.) * `state` (String): Current state (ENABLED, DISABLED) * `data_plane_id` (String): Insight Point ID used for discovery * `status` (String): Last discovery status (SUCCESS, PENDING, ERROR) ## AWS Providers ### AWS Provider Object Schema AWS provider configurations include account credentials, regions, and service-specific settings: ```json { "id": "883dd869-8762-4187-8767-1c387de14b4b", "vendor_id": "123456789010", "name": "AWS-Production", "type": "AWS", "state": "ENABLED", "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b", "status": "SUCCESS", "account_id": "123456789010", "credentials_type": "ASSUME_CUSTOMER_ROLE", "access_key_id": "AKIA6FRNZGGIOEBZ6BEA", "assume_role_name": "VezaDiscoveryRole", "assume_role_external_id": "veza-external-id", "regions": [ "us-east-1", "us-west-2", "eu-west-1" ], "db_user": "veza_user", "services": [ "IAM", "S3", "RDS", "REDSHIFT" ], "s3_bucket_allow_list": ["prod-data-*"], "s3_bucket_deny_list": ["temp-*", "test-*"], "rds_database_allow_list": ["production"], "rds_database_deny_list": ["temp"] } ``` #### AWS Configuration Fields * `account_id` (String): AWS account ID (12-digit number) * `credentials_type` (String): Authentication method - `STATIC`, `EC2_INSTANCE_PROFILE`, or `ASSUME_CUSTOMER_ROLE` * `access_key_id` (String): Access key ID for static credentials * `secret_key` (String): Secret access key for static credentials * `assume_role_name` (String): IAM role name for assume role authentication * `assume_role_external_id` (String): External ID for assume role authentication * `regions` (Array): List of AWS regions to discover * `db_user` (String): Database username for RDS/Redshift connections * `services` (Array): Specific AWS services to discover (empty array = all services) #### AWS Service Discovery Options Available service values for the `services` array: * `IAM`: Identity and Access Management * `S3`: Simple Storage Service * `RDS`: Relational Database Service * `REDSHIFT`: Redshift data warehouses * `EC2`: Elastic Compute Cloud * `LAMBDA`: Lambda functions * `EKS`: Elastic Kubernetes Service * `COGNITO`: Cognito user pools * `SECRETS_MANAGER`: Secrets Manager * `KMS`: Key Management Service * `DYNAMODB`: DynamoDB tables #### AWS Resource Filtering Use allow/deny lists to control which resources are discovered: * `s3_bucket_allow_list`: S3 bucket names to include (supports wildcards) * `s3_bucket_deny_list`: S3 bucket names to exclude * `rds_database_allow_list`: RDS database names to include * `rds_database_deny_list`: RDS database names to exclude * `redshift_database_allow_list`: Redshift database ARNs to include * `redshift_database_deny_list`: Redshift database ARNs to exclude For detailed AWS setup instructions, see [Amazon Web Services Integration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/aws). ### AWS API Operations #### List AWS Providers {% openapi src="" path="/api/v1/providers/aws" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Create AWS Provider {% openapi src="" path="/api/v1/providers/aws" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Get AWS Provider {% openapi src="" path="/api/v1/providers/aws/{id}" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Update AWS Provider {% openapi src="" path="/api/v1/providers/aws/{provider.id}" method="patch" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Delete AWS Provider {% openapi src="" path="/api/v1/providers/aws/{id}" method="delete" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Get AWS Trust Policy {% openapi src="" path="/api/v1/providers/aws:trustpolicy" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Check AWS Policy {% openapi src="" path="/api/v1/providers/aws/{id}:checkpolicy" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} ## Azure Providers ### Azure Provider Object Schema Azure provider configurations include tenant authentication and service settings: ```json { "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff", "vendor_id": "contoso.onmicrosoft.com", "name": "Azure-Production", "type": "AZURE", "state": "ENABLED", "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b", "status": "SUCCESS", "tenant_id": "12345678-1234-1234-1234-123456789012", "client_id": "87654321-4321-4321-4321-210987654321", "services": [ "AZUREAD", "SHAREPOINT", "SQLSERVER" ], "gather_guest_users": true, "gather_disabled_users": false, "gather_personal_sites": true, "domains": ["contoso.com"], "sql_server_database_allow_list": ["production"], "sql_server_database_deny_list": ["temp"] } ``` #### Azure Configuration Fields * `tenant_id` (String): Azure Active Directory tenant ID * `client_id` (String): Application (client) ID for service principal * `client_secret` (String): Client secret for authentication * `auth_certificate` (String): Certificate for SharePoint app-only access * `auth_certificate_password` (String): Certificate password * `services` (Array): Azure services to discover * `gather_guest_users` (Boolean): Include guest users in discovery * `gather_disabled_users` (Boolean): Include disabled users * `gather_personal_sites` (Boolean): Include personal SharePoint sites * `domains` (Array): Specific domains to discover For detailed Azure setup instructions, see [Azure Integration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/azure). ### Azure API Operations #### List Azure Providers {% openapi src="" path="/api/v1/providers/azure" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Create Azure Provider {% openapi src="" path="/api/v1/providers/azure" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Get Azure Provider {% openapi src="" path="/api/v1/providers/azure/{id}" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Update Azure Provider {% openapi src="" path="/api/v1/providers/azure/{provider.id}" method="patch" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Delete Azure Provider {% openapi src="" path="/api/v1/providers/azure/{id}" method="delete" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} ## Google Cloud Providers ### Google Cloud Provider Object Schema Google Cloud provider configurations include service account credentials and project settings: ```json { "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff", "vendor_id": "gcp-project-id", "name": "GCP-Production", "type": "GOOGLE_CLOUD", "state": "ENABLED", "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b", "status": "SUCCESS", "customer_id": "C01234567", "workspace_email": "service-account@project.iam.gserviceaccount.com", "project_allow_list": ["prod-project-1", "prod-project-2"], "project_deny_list": ["test-*"], "domain_allow_list": ["company.com"], "domain_deny_list": [], "services": [ "IAM", "STORAGE", "COMPUTE", "WORKSPACE", "BIGQUERY" ], "dataset_allow_list": ["analytics", "reporting"], "dataset_deny_list": ["temp_*"] } ``` #### Google Cloud Configuration Fields * `credentials_json` (String): Service account key JSON * `customer_id` (String): Google Workspace customer ID * `workspace_email` (String): Workspace user email for service account impersonation * `project_allow_list` (Array): GCP project names to include * `project_deny_list` (Array): GCP project names to exclude * `domain_allow_list` (Array): Workspace domains to include * `domain_deny_list` (Array): Workspace domains to exclude * `dataset_allow_list` (Array): BigQuery dataset names to include * `dataset_deny_list` (Array): BigQuery dataset names to exclude For detailed Google Cloud setup instructions, see [Google Cloud Integration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/google). ### Google Cloud API Operations #### List Google Cloud Providers {% openapi src="" path="/api/v1/providers/google\_cloud" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Create Google Cloud Provider {% openapi src="" path="/api/v1/providers/google\_cloud" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Get Google Cloud Provider {% openapi src="" path="/api/v1/providers/google\_cloud/{id}" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Update Google Cloud Provider {% openapi src="" path="/api/v1/providers/google\_cloud/{provider.id}" method="patch" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Delete Google Cloud Provider {% openapi src="" path="/api/v1/providers/google\_cloud/{id}" method="delete" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} ## Snowflake Providers ### Snowflake Provider Object Schema Snowflake provider configurations include connection details and database filtering: ```json { "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff", "vendor_id": "xy12345.us-east-1", "name": "Snowflake-Production", "type": "SNOWFLAKE", "state": "ENABLED", "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b", "status": "SUCCESS", "account_locator": "xy12345", "region": "us-east-1", "cloud": "aws", "user": "veza_user", "role": "VEZA_ROLE", "warehouse": "COMPUTE_WH", "database_allow_list": ["PROD_DB", "ANALYTICS_DB"], "database_deny_list": ["TEMP_DB", "TEST_DB"] } ``` #### Snowflake Configuration Fields * `account_locator` (String): Snowflake account locator (e.g., "xy12345") * `region` (String): Cloud region for the Snowflake account * `cloud` (String): Cloud provider ("aws", "azure", or "gcp") * `user` (String): Snowflake username for authentication * `password` (String): Password for the Snowflake user * `role` (String): Snowflake role to use for queries * `warehouse` (String): Default warehouse for compute * `database_allow_list` (Array): Database names to include * `database_deny_list` (Array): Database names to exclude For detailed Snowflake setup instructions, see [Snowflake Integration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/snowflake). ### Snowflake API Operations #### List Snowflake Providers {% openapi src="" path="/api/v1/providers/snowflake" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Create Snowflake Provider {% openapi src="" path="/api/v1/providers/snowflake" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Get Snowflake Provider {% openapi src="" path="/api/v1/providers/snowflake/{id}" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Update Snowflake Provider {% openapi src="" path="/api/v1/providers/snowflake/{provider.id}" method="patch" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Delete Snowflake Provider {% openapi src="" path="/api/v1/providers/snowflake/{id}" method="delete" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} ## SQL Server Providers ### SQL Server Provider Object Schema SQL Server provider configurations include connection details and database filtering: ```json { "id": "90112ed7-47e7-48e6-9f05-c02d19d7f137", "vendor_id": "sqlserver.company.com", "name": "SQL-Production", "type": "SQL_SERVER", "state": "ENABLED", "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b", "status": "SUCCESS", "host": "sqlserver.company.com", "port": 1433, "username": "veza_user", "database_allow_list": ["ProductionDB", "AnalyticsDB"], "database_deny_list": ["TempDB", "TestDB"], "schema_allow_list": ["dbo", "analytics"], "schema_deny_list": ["temp"] } ``` #### SQL Server Configuration Fields * `host` (String): SQL Server hostname or IP address * `port` (Integer): Port number (typically 1433) * `username` (String): SQL Server username * `password` (String): Password for authentication * `database_allow_list` (Array): Database names to include * `database_deny_list` (Array): Database names to exclude * `schema_allow_list` (Array): Schema names to include * `schema_deny_list` (Array): Schema names to exclude For detailed SQL Server setup instructions, see [SQL Server Integration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/sql-server). ### SQL Server API Operations #### List SQL Server Providers {% openapi src="" path="/api/v1/providers/sqlserver" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Create SQL Server Provider {% openapi src="" path="/api/v1/providers/sqlserver" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Get SQL Server Provider {% openapi src="" path="/api/v1/providers/sqlserver/{id}" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Update SQL Server Provider {% openapi src="" path="/api/v1/providers/sqlserver/{provider.id}" method="patch" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Delete SQL Server Provider {% openapi src="" path="/api/v1/providers/sqlserver/{id}" method="delete" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} ## Trino Providers ### Trino Provider Object Schema Trino provider configurations include cluster connection details and S3 access control file settings: ```json { "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff", "vendor_id": "trino.company.com", "name": "Trino-Production", "type": "TRINO", "state": "ENABLED", "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b", "status": "SUCCESS", "host": "trino.company.com", "port": 8080, "username": "veza_user", "aws_s3_object_config": { "access_key": "AKIA...", "region": "us-east-1", "bucket": "trino-config", "object": "access-control.properties", "credentials_type": "STATIC", "assume_role_name": "", "account_id": "" }, "ssl_certificate": "-----BEGIN CERTIFICATE-----\n..." } ``` #### Trino Configuration Fields * `host` (String): Trino coordinator hostname * `port` (Integer): Trino coordinator port (typically 8080 or 8443) * `username` (String): Trino username * `password` (String): Password for authentication * `aws_s3_object_config` (Object): S3 configuration for access control file * `ssl_certificate` (String): TLS certificate for secure connections #### S3 Object Configuration The `aws_s3_object_config` object contains: * `access_key` (String): AWS access key ID * `secret_key` (String): AWS secret access key * `region` (String): S3 bucket region * `bucket` (String): S3 bucket name * `object` (String): Path to access control file * `credentials_type` (String): Authentication method * `assume_role_name` (String): IAM role name (for assume role) * `assume_role_external_id` (String): External ID for assume role * `account_id` (String): AWS account ID For detailed Trino setup instructions, see [Trino Integration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/trino). ### Trino API Operations #### List Trino Providers {% openapi src="" path="/api/v1/providers/trino" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Create Trino Provider {% openapi src="" path="/api/v1/providers/trino" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Get Trino Provider {% openapi src="" path="/api/v1/providers/trino/{id}" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Update Trino Provider {% openapi src="" path="/api/v1/providers/trino/{provider.id}" method="patch" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Delete Trino Provider {% openapi src="" path="/api/v1/providers/trino/{id}" method="delete" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-e28050234cea9fe68f7858868c9b9fb86167df90%2Fopenapi.yaml?alt=media) {% endopenapi %} ## Error Handling All provider API operations return standard HTTP status codes: * **200 OK**: Request successful * **400 Bad Request**: Invalid request parameters or payload * **401 Unauthorized**: Invalid or missing API token * **403 Forbidden**: Insufficient permissions * **404 Not Found**: Provider configuration not found * **409 Conflict**: Provider configuration already exists * **500 Internal Server Error**: Server error Error responses include a descriptive message and error code: ```json { "error": { "code": "INVALID_CREDENTIALS", "message": "The provided credentials are invalid or expired", "details": "AWS STS AssumeRole failed with error: Access denied" } } ``` ## Best Practices When managing provider configurations: 1. **Use descriptive names** that identify the environment and purpose 2. **Implement least privilege** by configuring only necessary services and resources 3. **Use allow lists** rather than deny lists when possible for better security 4. **Test configurations** in development environments before production 5. **Monitor discovery status** regularly to ensure successful data collection 6. **Rotate credentials** according to your organization's security policies 7. **Use assume role authentication** for AWS providers when possible 8. **Configure resource filtering** to limit discovery scope and improve performance 9. **Use secrets vaults** to store sensitive credentials in your private network instead of in Veza. See [Secrets Vaults](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/connectivity/secrets-vaults) ## Related Documentation * [Provider Enable/Disable APIs](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/management/provider-enable-disable) * [API Authentication](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/authentication) * [Integration Guides](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations) * [Secrets Vaults](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/connectivity/secrets-vaults) * [Insight Points](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/connectivity/insight-point)