EC2 Instances

When EC2 Sync with Distributed Cloud AIP is enabled, Distributed Cloud AIP continually scans for any instance creation or termination so the Distributed Cloud AIP platform reflects the current state of your infrastructure.

The EC2 instance endpoint provides visibility into which EC2 instances Distributed Cloud AIP monitors.

List AWS EC2 Instances

Overview

This method enables you to get a list of all the EC2 instances in your environment.

NOTE

The response defaults to show both monitored and non-monitored EC2 instances. The EC2 endpoint paginates query results based on the request.

If the request uses the verbose model, then results paginate after 100 responses return.

If the request uses the standard model, then results paginate after 10,000 responses return.

Sample Queries

Find all the EC2 instances in your organization:

https://api.threatstack.com/v2/aws/ec2

Find all monitored EC2 instances in your organization:

https://api.threatstack.com/v2/aws/ec2?monitored=true

Find all the non-monitored EC2 instances in your organization:

https://api.threatstack.com/v2/aws/ec2?monitored=false

Find all monitored AWS EC2 instances in your organization and return Distributed Cloud AIP Agent information about them:

https://api.threatstack.com/v2/aws/ec2?monitored=true&verbose=true

Error Handling Tips

The 400 error code means that you did not correctly specify a valid option for a parameter. You may hit this on monitored which, if provided, must be true or false.

Request

query Parameters

monitored	boolean Limits the response of EC2 servers to those that are monitored by Distributed Cloud AIP Agents (true), or those that are not (false)
verbose	boolean Whether to return results that include Distributed Cloud AIP Agent information (true) or not (false)

Responses

200

400

Bad parameters

401

Unauthorized response

429

Rate limit hit

500

An internal error has occurred

get/aws/ec2

Response samples

application/json

{"servers": [{"id": "string",
"kernelId": "string",
"instanceType": "string",
"privateDnsName": "string",
"privateIpAddress": "string",
"groups": [{"id": "string",
"name": "string"
}
],
"subnetId": "string",
"keyName": "string",
"region": "string",
"launchTime": "string",
"imageId": "string",
"architecture": "string",
"publicDnsName": "string",
"publicIpAddress": "string",
"vpcId": "string",
"awsProfile": [{"id": "string",
"organizationName": "string",
"description": "string"
}
],
"monitored": true,
"tags": [{"key": "string",
"value": "string",
"source": "ec2"
}
]
}
],
"token": "string"
}

➔ Next to CVE Vulnerabilities