Get query spec node destinations

GetAssessmentQuerySpecDestinationNodes returns the related destination nodes, including effective permissions, for a single entity in the results of a saved query.

Sample request:

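The request must include the full query spec object and the source_node_id of the query result whose destination nodes should be returned. You can additionally provide a snapshot_id to query against historical data. In the sample below, the spec goes from AwsIamUser to S3Bucket nodes with s3:PutBucketAcl listed under raw_permissions, and source_node_id is the ARN of a single IAM user.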

# Request the destination nodes for one result of a query spec.
# BASE_URL and VEZA_TOKEN are expanded from shell variables, so the bearer
# token is not written into the command text itself.
# Body fields: "spec" is the full query spec, "source_node_id" selects the
# query result to expand, and "snapshot_id" (optional) queries historical data.
# NOTE(review): curl sends --data bodies as application/x-www-form-urlencoded
# unless a content-type header is set; confirm whether the API needs
# "content-type: application/json" for this JSON body.
curl --request 'POST' "$BASE_URL/api/v1/assessments/query_spec:destination_nodes?page_size=0&page_token=" \
  --header "authorization: Bearer $VEZA_TOKEN" \
  --data '{
  "spec": {
    "query_type": "SOURCE_TO_DESTINATION",
    "include_nodes": true,
    "source_node_types": {
      "nodes": [
        {
          "node_type": "AwsIamUser"
        }
      ]
    },
    "destination_node_types": {
      "nodes": [
        {
          "node_type": "S3Bucket"
        }
      ]
    },
    "no_relation": false,
    "raw_permissions": {
      "operator": "OR",
      "values": [
        "s3:PutBucketAcl"
      ]
    }
  },
  "source_node_id": "arn:aws:iam::877042069677:user/j.smith",
  "snapshot_id": "1690182000"
}'

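Sample response (here `values` holds a single S3Bucket node; the entry nests an AwsIamEffectivePermission node under `permissions` and carries its own `raw_permissions` and `effective_permissions` lists):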

{
  "values": [
    {
      "id": "arn:aws:s3:::aws-cloudtrail-logs-877042069677-a35f269d",
      "type": "S3Bucket",
      "properties": {
        "allows_acls": true,
        "aws_account_id": "877042069677",
        "block_public_access_enabled": true,
        "block_public_acls": true,
        "block_public_policy": true,
        "created_at": "2022-02-07T20:33:19Z",
        "datasource_id": "877042069677:s3",
        "default_encryption_enabled": true,
        "default_retention_mode": "DISABLED",
        "hosts_website": false,
        "ignore_public_acls": true,
        "name": "aws-cloudtrail-logs-877042069677-a35f269d",
        "object_lock_enabled": false,
        "object_ownership_controls": "ObjectWriter",
        "provider_id": "877042069677",
        "region": "us-east-1",
        "replication_rules_count": 0,
        "request_payer": "BucketOwner",
        "restrict_public_buckets": true,
        "server_access_logs_enabled": false
      },
      "destination_node_count": 0,
      "permissions": [
        {
          "id": "arn:aws:iam::877042069677:user/j.smith::eperm::877042069677/S3Bucket/9e5c59f46ddc58231c08bc23534d1a83c0bffe87",
          "type": "AwsIamEffectivePermission",
          "properties": {
            "aws_account_id": "877042069677",
            "datasource_id": "877042069677::eperm::877042069677:s3",
            "name": "Create,Write,Delete,Read,Metadata,NonData",
            "permissions": [
              "s3:AbortMultipartUpload",
              "s3:BypassGovernanceRetention",
              "s3:DeleteBucket",
              "s3:DeleteBucketPolicy",
              "s3:DeleteBucketWebsite",
              "s3:DeleteObject",
              "s3:DeleteObjectTagging",
              "s3:DeleteObjectVersion",
              "s3:DeleteObjectVersionTagging",
              "s3:GetAccelerateConfiguration",
              "s3:GetAnalyticsConfiguration",
              "s3:GetBucketAcl",
              "s3:GetBucketCORS",
              "s3:GetBucketLocation",
              "s3:GetBucketLogging",
              "s3:GetBucketNotification",
              "s3:GetBucketObjectLockConfiguration",
              "s3:GetBucketPolicy",
              "s3:GetBucketPolicyStatus",
              "s3:GetBucketPublicAccessBlock",
              "s3:GetBucketRequestPayment",
              "s3:GetBucketTagging",
              "s3:GetBucketVersioning",
              "s3:GetBucketWebsite",
              "s3:GetEncryptionConfiguration",
              "s3:GetInventoryConfiguration",
              "s3:GetLifecycleConfiguration",
              "s3:GetMetricsConfiguration",
              "s3:GetObject",
              "s3:GetObjectAcl",
              "s3:GetObjectLegalHold",
              "s3:GetObjectRetention",
              "s3:GetObjectTagging",
              "s3:GetObjectTorrent",
              "s3:GetObjectVersion",
              "s3:GetObjectVersionAcl",
              "s3:GetObjectVersionForReplication",
              "s3:GetObjectVersionTagging",
              "s3:GetObjectVersionTorrent",
              "s3:GetReplicationConfiguration",
              "s3:ListBucket",
              "s3:ListBucketMultipartUploads",
              "s3:ListBucketVersions",
              "s3:ListMultipartUploadParts",
              "s3:ObjectOwnerOverrideToBucketOwner",
              "s3:PutAccelerateConfiguration",
              "s3:PutAnalyticsConfiguration",
              "s3:PutBucketAcl",
              "s3:PutBucketCORS",
              "s3:PutBucketLogging",
              "s3:PutBucketNotification",
              "s3:PutBucketObjectLockConfiguration",
              "s3:PutBucketPolicy",
              "s3:PutBucketPublicAccessBlock",
              "s3:PutBucketRequestPayment",
              "s3:PutBucketTagging",
              "s3:PutBucketVersioning",
              "s3:PutBucketWebsite",
              "s3:PutEncryptionConfiguration",
              "s3:PutInventoryConfiguration",
              "s3:PutLifecycleConfiguration",
              "s3:PutMetricsConfiguration",
              "s3:PutObject",
              "s3:PutObjectAcl",
              "s3:PutObjectLegalHold",
              "s3:PutObjectRetention",
              "s3:PutObjectTagging",
              "s3:PutObjectVersionAcl",
              "s3:PutObjectVersionTagging",
              "s3:ReplicateDelete",
              "s3:ReplicateObject",
              "s3:ReplicateTags",
              "s3:RestoreObject"
            ],
            "provider_id": "877042069677"
          },
          "destination_node_count": 0,
          "permissions": [],
          "engagement_access_stats": null,
          "access_stats": null,
          "destination_node_ids": [],
          "risk_level": "NONE",
          "raw_permissions": [],
          "effective_permissions": []
        }
      ],
      "engagement_access_stats": null,
      "access_stats": null,
      "destination_node_ids": [],
      "risk_level": "NONE",
      "raw_permissions": [
        "s3:AbortMultipartUpload",
        "s3:BypassGovernanceRetention",
        "s3:DeleteBucket",
        "s3:DeleteBucketPolicy",
        "s3:DeleteBucketWebsite",
        "s3:DeleteObject",
        "s3:DeleteObjectTagging",
        "s3:DeleteObjectVersion",
        "s3:DeleteObjectVersionTagging",
        "s3:GetAccelerateConfiguration",
        "s3:GetAnalyticsConfiguration",
        "s3:GetBucketAcl",
        "s3:GetBucketCORS",
        "s3:GetBucketLocation",
        "s3:GetBucketLogging",
        "s3:GetBucketNotification",
        "s3:GetBucketObjectLockConfiguration",
        "s3:GetBucketPolicy",
        "s3:GetBucketPolicyStatus",
        "s3:GetBucketPublicAccessBlock",
        "s3:GetBucketRequestPayment",
        "s3:GetBucketTagging",
        "s3:GetBucketVersioning",
        "s3:GetBucketWebsite",
        "s3:GetEncryptionConfiguration",
        "s3:GetInventoryConfiguration",
        "s3:GetLifecycleConfiguration",
        "s3:GetMetricsConfiguration",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectLegalHold",
        "s3:GetObjectRetention",
        "s3:GetObjectTagging",
        "s3:GetObjectTorrent",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectVersionForReplication",
        "s3:GetObjectVersionTagging",
        "s3:GetObjectVersionTorrent",
        "s3:GetReplicationConfiguration",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucketVersions",
        "s3:ListMultipartUploadParts",
        "s3:ObjectOwnerOverrideToBucketOwner",
        "s3:PutAccelerateConfiguration",
        "s3:PutAnalyticsConfiguration",
        "s3:PutBucketAcl",
        "s3:PutBucketCORS",
        "s3:PutBucketLogging",
        "s3:PutBucketNotification",
        "s3:PutBucketObjectLockConfiguration",
        "s3:PutBucketPolicy",
        "s3:PutBucketPublicAccessBlock",
        "s3:PutBucketRequestPayment",
        "s3:PutBucketTagging",
        "s3:PutBucketVersioning",
        "s3:PutBucketWebsite",
        "s3:PutEncryptionConfiguration",
        "s3:PutInventoryConfiguration",
        "s3:PutLifecycleConfiguration",
        "s3:PutMetricsConfiguration",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectLegalHold",
        "s3:PutObjectRetention",
        "s3:PutObjectTagging",
        "s3:PutObjectVersionAcl",
        "s3:PutObjectVersionTagging",
        "s3:ReplicateDelete",
        "s3:ReplicateObject",
        "s3:ReplicateTags",
        "s3:RestoreObject"
      ],
      "effective_permissions": [
        "Create",
        "Delete",
        "Metadata",
        "NonData",
        "Read",
        "Write"
      ]
    }
  ],
  "path_values": [],
  "next_page_token": "",
  "has_more": false
}
