Cloud Setup
AWS Setup
/api/esc/cloudsetup/{orgName}/aws/setupSets up AWS infrastructure using provided static credentials
Request Parameters
orgNamestring path requiredThe organization name
Request Body
accessKeyIdstring requiredAWS Access Key IDsecretAccessKeystring requiredAWS Secret Access KeysessionTokenstring requiredAWS Session Token (for temporary credentials)policyArnstring requiredARN of the IAM policy to attach to the roleoidcRoleNamestring requiredName of IAM Role for OIDC
Responses
successboolean requiredWhether the setup operation was successful- List of resources created or managed during setup
- ↳
typestring requiredType of the resource - ↳
idstring requiredUnique identifier of the resource - ↳
namestring requiredName of the resource - ↳
statusstring requiredStatus of the resource operation - ↳
errorstring optionalError message if the resource operation failed - ↳
propertiesmap[string]string optionalAdditional properties of the resource messagestring optionalOptional message about the setup operation
AWSSSO List Accounts
/api/esc/cloudsetup/{orgName}/aws/sso/accountsLists AWS accounts accessible with the provided session
Request Parameters
orgNamestring path requiredThe organization nameregionstring query optionalThe AWS regionsessionIdstring query optionalThe SSO session identifier
Responses
- List of cloud accounts/subscriptions
- ↳
idstring requiredAccount/subscription ID - ↳
namestring requiredAccount/subscription name - ↳
rolesarray[string] optionalRoles - ↳
numberinteger optionalProject number (for Azure)
AWSSSO Initiate
/api/esc/cloudsetup/{orgName}/aws/sso/initiateInitiates the AWS SSO flow
Request Parameters
orgNamestring path requiredThe organization name
Request Body
startUrlstring requiredThe AWS SSO Start URLregionstring requiredThe AWS SSO Region
Responses
urlstring requiredThe AWS SSO Verification URLuserCodestring requiredThe AWS SSO User Code to verifysessionIdstring requiredThe auth session id
AWSSSO Setup
/api/esc/cloudsetup/{orgName}/aws/sso/setupSets up AWS infrastructure and ESC environments using AWS SSO
Request Parameters
orgNamestring path requiredThe organization name
Request Body
sessionIdstring requiredThe auth session idregionstring requiredThe AWS SSO RegionaccountIdstring requiredThe AWS account idaccountRoleNamestring requiredThe AWS account role namepolicyArnstring requiredARN of the IAM policy to attach to the roleoidcRoleNamestring requiredName of IAM Role for OIDC
Responses
successboolean requiredWhether the setup operation was successful- List of resources created or managed during setup
- ↳
typestring requiredType of the resource - ↳
idstring requiredUnique identifier of the resource - ↳
namestring requiredName of the resource - ↳
statusstring requiredStatus of the resource operation - ↳
errorstring optionalError message if the resource operation failed - ↳
propertiesmap[string]string optionalAdditional properties of the resource messagestring optionalOptional message about the setup operation
Azure List Accounts
/api/esc/cloudsetup/{orgName}/oauth/azure/accountsLists Azure subscriptions accessible with the provided ARM session
Request Parameters
orgNamestring path requiredThe organization namearmSessionIdstring query optionalThe Azure ARM session identifier
Responses
- List of cloud accounts/subscriptions
- ↳
idstring requiredAccount/subscription ID - ↳
namestring requiredAccount/subscription name - ↳
rolesarray[string] optionalRoles - ↳
numberinteger optionalProject number (for Azure)
Azure Setup
/api/esc/cloudsetup/{orgName}/oauth/azure/setupSets up Azure infrastructure and ESC environments using OAuth credentials
Request Parameters
orgNamestring path requiredThe organization name
Request Body
armSessionIdstring requiredARM (Azure Resource Manager) OAuth session IDgraphSessionIdstring requiredMicrosoft Graph OAuth session ID- List of Azure environment configurations to create
appObjectIdstring optionalObject ID of the app registration created by a prior AzureSetup call. When set, the app registration is resolved by ID instead of searched by display name, so batched setup calls cannot land on different app registrations.servicePrincipalIdstring optionalObject ID of the service principal created by a prior AzureSetup call. When set, the service principal lookup is skipped and roles are assigned to this principal.
Responses
successboolean requiredWhether the setup operation was successful- List of resources created or managed during setup
- ↳
typestring requiredType of the resource - ↳
idstring requiredUnique identifier of the resource - ↳
namestring requiredName of the resource - ↳
statusstring requiredStatus of the resource operation - ↳
errorstring optionalError message if the resource operation failed - ↳
propertiesmap[string]string optionalAdditional properties of the resource messagestring optionalOptional message about the setup operation
Complete O Auth
/api/esc/cloudsetup/{orgName}/oauth/completeCompletes OAuth flow by exchanging authorization code for access token
Request Parameters
orgNamestring path requiredThe organization name
Request Body
- CloudSetupProvider configuration for OAuth authentication
sessionIDstring requiredSession identifier from OAuth initiationcodestring requiredAuthorization code returned from OAuth provider
Responses
GCP List Accounts
/api/esc/cloudsetup/{orgName}/oauth/gcp/accountsLists GCP projects accessible with the provided OAuth session. When ‘gcpOrganizationId’ is provided, discovery is scoped to that GCP organization: results include projects directly under the organization and projects nested under its descendant folders, and a 400 is returned if the ID is malformed or returned no projects. When ‘gcpOrganizationId’ is omitted, all active projects the OAuth principal can access are returned regardless of organization. System-generated projects (IDs prefixed ‘sys-’) and projects pending deletion are excluded in both cases.
Request Parameters
orgNamestring path requiredThe organization namegcpOrganizationIdstring query optionalOptional GCP numeric organization ID. When provided, results are scoped to projects directly under this organization and projects nested under its descendant folders; when omitted, all accessible projects are returned. Find it in the Google Cloud console under IAM & Admin > Settings.oauthSessionIdstring query optionalThe OAuth session identifier. Required; returns 400 when missing.
Responses
- List of cloud accounts/subscriptions
- ↳
idstring requiredAccount/subscription ID - ↳
namestring requiredAccount/subscription name - ↳
rolesarray[string] optionalRoles - ↳
numberinteger optionalProject number (for Azure)
GCP Setup
/api/esc/cloudsetup/{orgName}/oauth/gcp/setupSets up GCP infrastructure using OAuth credentials
Request Parameters
orgNamestring path requiredThe organization name
Request Body
oauthSessionIdstring requiredGCP OAuth session ID- GCP environment configuration to create
Responses
successboolean requiredWhether the setup operation was successful- List of resources created or managed during setup
- ↳
typestring requiredType of the resource - ↳
idstring requiredUnique identifier of the resource - ↳
namestring requiredName of the resource - ↳
statusstring requiredStatus of the resource operation - ↳
errorstring optionalError message if the resource operation failed - ↳
propertiesmap[string]string optionalAdditional properties of the resource messagestring optionalOptional message about the setup operation
Initiate O Auth
/api/esc/cloudsetup/{orgName}/oauth/initiateInitiates OAuth flow for a given cloud provider
Request Parameters
orgNamestring path requiredThe organization name
Request Body
- CloudSetupProvider configuration for OAuth authentication
Responses
urlstring requiredAuthorization URL to redirect user tosessionIDstring requiredSession identifier for tracking the OAuth flow