1. Docs
  2. Reference
  3. REST API Docs
  4. Insights Accounts

Insights Accounts

    Pulumi Insights enables visibility into cloud resources and compliance monitoring. The Insights Accounts API allows you to create, list, and manage accounts for various cloud providers.

    Search Stacks

    Preview. This endpoint is in preview and may change without notice.
    POST /api/console/orgs/{orgName}/stacks/search

    Returns a combined view of IaC-managed stacks and discovered stacks.

    Request Parameters

    • orgName string path required
      The organization name

    Request Body

    Schema: AngularGridGetRowsRequest
    • startRow integer optional
      The start row
    • endRow integer optional
      The end row
    • rowGroupCols array[AngularGridColumn] required
      List of row group cols
    • id string required
      The unique identifier
    • displayName string required
      The display name
    • field string optional
      The field
    • aggFunc string optional
      The agg func
    • valueCols array[AngularGridColumn] required
      List of value cols
    • id string required
      The unique identifier
    • displayName string required
      The display name
    • field string optional
      The field
    • aggFunc string optional
      The agg func
    • groupKeys array[string] required
      List of group keys
    • filterModel AngularGridAdvancedFilterModel required
      The filter model
    • type string required
      The type
    • conditions array[AngularGridFilterModel] required
      List of conditions
    • sortModel array[AngularGridSortModelItem] required
      List of sort model
    • colId string required
      Column Id to apply the sort to.
    • sort string required
      Sort direction

    Responses

    200 OK
    Schema: ListOrganizationProjectsResponsev3
    • rowData array[object] required
      The project data rows
    • rowCount integer optional
      The total number of rows
    Errors: 400 Invalid request parameters

    Get Usage Summary Insights Scans

    GET /api/orgs/{orgName}/insights-scans/summary

    Returns a summary of Insights scan usage for an organization, grouped by the specified time granularity.

    Request Parameters

    • orgName string path required
      The organization name
    • granularity string query optional
      Time granularity for grouping usage data. Valid values: ‘hourly’, ‘daily’, ‘weekly’, ‘monthly’, ‘yearly’. Hourly granularity is limited to a 2-day lookback.
    • lookbackDays integer query optional
      Number of days to look back for usage data. Mutually exclusive with lookbackStart; exactly one must be provided.
    • lookbackStart integer query optional
      Start of the lookback period as a Unix timestamp (seconds since epoch). Must be within the last year and in the past. Mutually exclusive with lookbackDays; exactly one must be provided.

    Responses

    200 OK
    Schema: GetResourceCountSummaryResponse
    • summary array[ResourceCountSummary] required
      The list of resource count summaries
    • year integer required
      The 4-digit year.
    • month integer optional
      The month of the year. Ranges from 1 to 12.
    • day integer optional
      The day of month. Ranges from 1 to 31.
    • weekNumber integer optional
      The week number in the year with Sunday marking the start of the week. Ranges from 0-53.
    • hour integer optional
      The hour of the day. Ranges from 0 to 23.
    • resources integer required
      The RUM (total number of resources under management at a given time). Calculated by getting the average of the all the resources for the given time frame.
    • resourceHours integer required
      The RHUM, which is the number of hours the resources under management have been running. Calculated by getting the sum of all the resources for the given time frame. 1 resource hour = 1 Pulumi credit.
    204 No Content

    List Accounts

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts

    Lists Insights accounts available to the authenticated user within the specified organization.

    Request Parameters

    • orgName string path required
      The organization name
    • continuationToken string query optional
      Continuation token for paginated results
    • count integer query optional
      Number of results to return (default: 100, max: 1000)
    • parent string query optional
      Filter results to child accounts of the specified parent account name (e.g., an AWS organization management account)
    • roleID string query optional
      Filter results to accounts accessible by the specified role

    Responses

    200 successful operation
    Schema: ListInsightsAccountsResponse
    • accounts array[InsightsAccount] optional
      The list of Insights accounts
    • id string required
      ID of the account.
    • name string required
      The name of the account.
    • ownedBy UserInfo required
      The user with ownership of this Insights account
    • provider string required
      The cloud provider for the account (e.g., aws, gcp, azure-native).
    • providerVersion string optional
      The version of the Pulumi provider package used for discovery.
    • providerEnvRef string optional
      Reference to an ESC environment containing provider credentials, in the format ‘project/environment’ with an optional @version suffix.
    • scheduledScanEnabled boolean required
      If true, the account is scheduled for recurring discovery.
    • agentPoolID string optional
      The ID of the agent pool to run account discovery workflows. If not specified, discovery will use the default agent pool.
    • providerConfig object optional
      Provider-specific configuration for the account.
    • scanStatus ScanStatus optional
      Status of the last discovery scan for this account.
    • nextToken string optional
      Token for fetching the next page of results
    Errors: 400 count must be in the range [1, 1000] 404 Organization or parent account not found

    Bulk Create Accounts

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/accounts

    Creates multiple Insights accounts in a single operation. Each account is created independently, so a failure to create one account does not prevent other accounts from being created. Returns the list of successfully created accounts and details about any failures. Accounts are created with the same permissions as the single CreateAccount endpoint. For AWS accounts, regional child accounts are created automatically based on the provider configuration.

    Request Parameters

    • orgName string path required
      The organization name

    Request Body

    Schema: BulkCreateInsightsAccountsRequest
    • accounts array[BulkCreateInsightsAccountItem] required
      The list of accounts to create. Each item defines a single Insights account with its provider, ESC environment reference, and optional configuration. Maximum 100 accounts per request.
    • name string required
      The name of the account to create. Must be unique within the organization.
    • provider enum required
      The cloud provider for the account (e.g., aws, gcp, azure-native).
      Values: aws, gcp, azure-native, oci, kubernetes
    • environment string required
      Reference to an ESC environment containing provider credentials, in the format ‘project/environment’ with an optional @version suffix.
    • scanSchedule enum optional
      Schedule for automated discovery scans (e.g., ’none’, ‘daily’).
      Values: none, 12h, daily
    • agentPoolID string optional
      The ID of the agent pool to run account discovery workflows. If not specified, discovery will use the default agent pool.
    • providerConfig object optional
      Provider-specific configuration for the account.

    Responses

    200 OK
    Schema: BulkCreateInsightsAccountsResponse
    • accounts array[InsightsAccount] required
      The list of accounts that were successfully created.
    • id string required
      ID of the account.
    • name string required
      The name of the account.
    • ownedBy UserInfo required
      The user with ownership of this Insights account
    • provider string required
      The cloud provider for the account (e.g., aws, gcp, azure-native).
    • providerVersion string optional
      The version of the Pulumi provider package used for discovery.
    • providerEnvRef string optional
      Reference to an ESC environment containing provider credentials, in the format ‘project/environment’ with an optional @version suffix.
    • scheduledScanEnabled boolean required
      If true, the account is scheduled for recurring discovery.
    • agentPoolID string optional
      The ID of the agent pool to run account discovery workflows. If not specified, discovery will use the default agent pool.
    • providerConfig object optional
      Provider-specific configuration for the account.
    • scanStatus ScanStatus optional
      Status of the last discovery scan for this account.
    • failures array[BulkCreateInsightsAccountFailure] required
      The list of accounts that failed to be created, with error details.
    • name string required
      The name of the account that failed to be created.
    • error string required
      A human-readable error message describing why the account creation failed.
    Errors: 400 Invalid request body or empty accounts list 404 Organization not found

    Read Account

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}

    Gets detailed information for a specific Insights account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    200 successful operation
    Schema: ReadInsightsAccountResponse
    • id string required
      ID of the account.
    • name string required
      The name of the account.
    • ownedBy UserInfo required
      The user with ownership of this Insights account
    • name string required
      The user’s display name.
    • githubLogin string required
      The user’s login name.
    • avatarUrl string required
      The URL of the user’s avatar image.
    • email string optional
      IMPORTANT: The email address of the user is only included on a few admin-only APIs. For nearly all APIs that return a UserInfo object, this will not be provided. considered sensitive information.
    • provider string required
      The cloud provider for the account (e.g., aws, gcp, azure-native).
    • providerVersion string optional
      The version of the Pulumi provider package used for discovery.
    • providerEnvRef string optional
      Reference to an ESC environment containing provider credentials, in the format ‘project/environment’ with an optional @version suffix.
    • scheduledScanEnabled boolean required
      If true, the account is scheduled for recurring discovery.
    • agentPoolID string optional
      The ID of the agent pool to run account discovery workflows. If not specified, discovery will use the default agent pool.
    • providerConfig object optional
      Provider-specific configuration for the account.
    • scanStatus ScanStatus optional
      Status of the last discovery scan for this account.
    • accountName string optional
      The name of the insights account associated with this scan.
    • id string required
      The unique identifier of the workflow run.
    • orgId string required
      The organization ID.
    • resourceCount integer optional
      The number of resources discovered by this scan.
    • userId string required
      The user ID who initiated the workflow run.
    • status enum required
      The current status of the workflow run.
      Values: running, failed, succeeded
    • startedAt string required
      The time the workflow run started.
    • finishedAt string required
      The time the workflow run finished, if completed.
    • lastUpdatedAt string required
      The time the workflow run was last updated.
    • jobTimeout string required
      The timeout for jobs in the workflow run.
    • jobs array[JobRun] optional
      The list of job runs within the workflow.
    Errors: 404 Account

    Create Account

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/accounts/{accountName}

    Creates a new Insights account. An Insights account represents a cloud provider account (e.g., AWS, Azure, OCI) configured for resource discovery.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Request Body

    Schema: CreateInsightsAccountRequest
    • provider enum required
      The cloud provider for the account (e.g., aws, gcp, azure-native).
      Values: aws, gcp, azure-native, oci, kubernetes
    • environment string required
      Reference to an ESC environment containing provider credentials, in the format ‘project/environment’ with an optional @version suffix.
    • cron string optional
      Deprecated: Use scanSchedule instead. Cron expression for scheduling scans.
    • scanSchedule enum optional
      Schedule for automated discovery scans (e.g., ’none’, ‘daily’).
      Values: none, 12h, daily
    • agentPoolID string optional
      The ID of the agent pool to run account discovery workflows. If not specified, discovery will use the default agent pool.
    • providerConfig object optional
      Provider-specific configuration for the account.

    Responses

    204 No Content
    Errors: 400 invalid account name 404 Organization or environment not found

    Update Account

    Preview. This endpoint is in preview and may change without notice.
    PATCH /api/preview/insights/{orgName}/accounts/{accountName}

    Updates an existing Insights account. Supports partial updates to the ESC environment reference, scan schedule (’none’ or ‘daily’), and provider-specific configuration such as the list of regions to scan. All request body fields are optional; only provided fields are updated.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Request Body

    Schema: UpdateInsightsAccountRequest
    • environment string required
      Reference to an ESC environment containing provider credentials, in the format ‘project/environment’ with an optional @version suffix.
    • scanSchedule enum optional
      Schedule for automated discovery scans (e.g., ’none’, ‘daily’).
      Values: none, 12h, daily
    • providerConfig object optional
      Provider-specific configuration for the account.
    • agentPoolID string optional
      The ID of the agent pool to run account discovery workflows. If not specified, discovery will use the default agent pool.

    Responses

    204 No Content
    Errors: 400 invalid provider config 404 Account or environment not found

    Delete Account

    Preview. This endpoint is in preview and may change without notice.
    DELETE /api/preview/insights/{orgName}/accounts/{accountName}

    Deletes an Insights account and its associated configuration. This operation is irreversible.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    204 No Content
    Errors: 404 Account

    Head Account

    Preview. This endpoint is in preview and may change without notice.
    HEAD /api/preview/insights/{orgName}/accounts/{accountName}

    Checks whether an Insights account exists. Returns 204 if found, 404 otherwise.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    204 No Content
    Errors: 404 Account

    List Policy Packs For Account

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/policy/packs

    Returns the policy packs configured to analyze resources in the specified Insights account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • continuationToken string query optional
      Continuation token for paginated results

    Responses

    200 successful operation
    Schema: ListPolicyPacksForInsightsAccountResponse
    • packs array[AppRequiredPolicy] required
      The list of required policy packs
    • name string required
      The name (unique and URL-safe) of the required Policy Pack.
    • version integer required
      The version of the required Policy Pack.
    • versionTag string required
      The version tag of the required Policy Pack.
    • displayName string required
      The pretty name of the required Policy Pack.
    • packLocation string optional
      Where the Policy Pack can be downloaded from.
    • config map[string]object optional
      The configuration that is to be passed to the Policy Pack. This is map a of policies mapped to their configuration. Each individual configuration must comply with the JSON schema for each Policy within the Policy Pack.
    • environments array[string] optional
      References to ESC environments whose resolved values the CLI should inject into the policy pack process.
    Errors: 400 invalid continuation token 404 Account

    Upsert Resources

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/accounts/{accountName}/resources

    Creates or updates discovered resources in an Insights account. Used by scanners to report resource state.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Request Body

    Schema: UpsertInsightsResourcesRequest
    • resources array[UpsertInsightsResource] required
      The list of resources to upsert.
    • type string required
      The resource type.
    • id string required
      The unique identifier of the resource.
    • inputs object required
      The resource inputs as raw JSON.
    • state object required
      The resource state as raw JSON.
    • dependencies array[ResourceDependency] optional
      The chain of dependencies used to list this resource.

    Responses

    204 No Content
    Errors: 404 Account

    Read Resource

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}

    Returns a discovered resource with its current version details.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • resourceTypeAndId string path required
      The resource type and cloud provider ID, double-URL-encoded, in the format ’type::id'

    Responses

    200 successful operation
    Schema: InsightsResourceWithVersion
    • account string required
      The account name containing the resource
    • type string required
      The resource type
    • id string required
      The resource identifier
    • version integer required
      The resource version number
    • modified string required
      When the resource was last modified
    • state object optional
      The raw resource state
    • policyState string optional
      The policy evaluation state for the resource
    Errors: 400 invalid resource version 404 Account

    List Resource Version Edges

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/edges

    Returns the relationships (edges) between a discovered resource and other resources in the account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • resourceTypeAndId string path required
      The resource type and cloud provider ID, double-URL-encoded, in the format ’type::id'
    • continuationToken string query optional
      Continuation token for paginated results
    • count integer query optional
      Number of results to return (default: 100, max: 500)

    Responses

    200 successful operation
    Schema: ListInsightsResourceVersionEdgesResponse
    • edges array[InsightsResourceVersionEdge] required
      The list of resource version edges
    • sourceUrn string required
      The source resource URN
    • sourceVersion integer required
      The source resource version
    • destUrn string required
      The destination resource URN
    • edgeType string required
      The type of edge relationship
    • nextToken string optional
      Token for fetching the next page of results
    Errors: 400 count must be in the range [1, 500] 404 Account

    Read Resource With References

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/references

    Returns a discovered resource along with its referenced (related) resources.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • resourceTypeAndId string path required
      The resource type and cloud provider ID, double-URL-encoded, in the format ’type::id'

    Responses

    200 successful operation
    Schema: InsightsResourceWithReferences
    • resource InsightsResourceWithVersion required
      The Insights resource with version information
    • account string required
      The account name containing the resource
    • type string required
      The resource type
    • id string required
      The resource identifier
    • version integer required
      The resource version number
    • modified string required
      When the resource was last modified
    • state object optional
      The raw resource state
    • policyState string optional
      The policy evaluation state for the resource
    • indexedResource ResourceResult required
      The indexed resource result
    • created string optional
      The ISO 8601 timestamp when the resource was first indexed.
    • custom boolean optional
      Whether this is a custom resource managed by a provider plugin.
    • delete boolean optional
      Whether this resource is pending deletion.
    • dependencies array[string] optional
      URNs of resources that this resource depends on.
    • external boolean optional
      Whether the lifecycle of this resource is not managed by Pulumi.
    • id string optional
      The provider-assigned resource ID.
    • matches map[string]array optional
      Matched search terms mapped to their highlighted values.
    • modified string optional
      The ISO 8601 timestamp when the resource was last updated in the index.
    • module string required
      The module that contains this resource.
    • name string optional
      The name of the resource.
    • package string required
      The package that provides this resource.
    • parent_urn string optional
      The URN of the parent resource, if any.
    • pending string optional
      The pending operation on this resource, if any (e.g. creating, updating, deleting).
    • project string optional
      The project that contains this resource.
    • protected boolean optional
      Whether this resource is protected from deletion.
    • provider_urn string optional
      The URN of the provider for this resource.
    • stack string optional
      The stack that contains this resource.
    • type string optional
      The full type token of the resource (e.g. aws:s3/bucket:Bucket).
    • urn string optional
      The URN uniquely identifying this resource within a stack.
    • teams array[string] optional
      The teams that have access to this resource.
    • properties object optional
      The resource’s input/output properties as a JSON object. Only populated when explicitly requested.
    • metadata object optional
      Additional metadata associated with the resource.
    • category string optional
      The category of the resource.
    • account string optional
      The Insights account name that discovered or manages this resource.
    • dependents array[string] optional
      URNs of resources that depend on this resource.
    • managed string optional
      Whether this resource is managed by Pulumi IaC stacks or discovered by Insights scanning. One of ‘managed’ or ‘discovered’.
    • fingerprint string optional
      A fingerprint uniquely identifying this resource’s state.
    • sourceCount integer optional
      The number of sources for this resource.
    • urn string required
      The resource URN
    • from array[InsightsResourceWithReferences] required
      Resources that reference this resource
    • resource InsightsResourceWithVersion required
      The Insights resource with version information
    • indexedResource ResourceResult required
      The indexed resource result
    • urn string required
      The resource URN
    • from array[InsightsResourceWithReferences] required
      Resources that reference this resource
    • to array[InsightsResourceWithReferences] required
      Resources that this resource references
    • to array[InsightsResourceWithReferences] required
      Resources that this resource references
    • resource InsightsResourceWithVersion required
      The Insights resource with version information
    • indexedResource ResourceResult required
      The indexed resource result
    • urn string required
      The resource URN
    • from array[InsightsResourceWithReferences] required
      Resources that reference this resource
    • to array[InsightsResourceWithReferences] required
      Resources that this resource references

    List Resource Stack Edges

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/stack_edges

    Returns the Pulumi stacks that manage the specified discovered resource.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • resourceTypeAndId string path required
      The resource type and cloud provider ID, double-URL-encoded, in the format ’type::id’ (e.g., ‘aws:ec2/instance:Instance::i-1234567890abcdef0’)

    Responses

    200 successful operation
    Schema: ListInsightsResourceStackEdgesResponse
    • edges array[InsightsResourceStackEdge] required
      The list of resource-to-stack edges
    • insightsResourceId string required
      The Insights resource identifier
    • stackResourceUrn string required
      The stack resource URN
    Errors: 404 Account

    List Resource Versions

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/versions

    Returns the version history for a discovered resource, showing how its configuration has changed over time.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • resourceTypeAndId string path required
      The resource type and cloud provider ID, double-URL-encoded, in the format ’type::id'
    • continuationToken string query optional
      Continuation token for paginated results
    • count integer query optional
      Number of results to return (default: 100, max: 500)

    Responses

    200 successful operation
    Schema: ListInsightsResourceVersionsResponse
    • versions array[ListInsightsResourceVersion] optional
      The list of resource versions
    • version integer required
      The version number
    • created string required
      When the version was created
    • nextToken string optional
      Token for fetching the next page of results
    Errors: 400 count must be in the range [1, 500] 404 Account

    Read Resource

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/versions/{resourceVersion}

    Returns a discovered resource with its current or specified version details.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • resourceTypeAndId string path required
      The resource type and cloud provider ID, double-URL-encoded, in the format ’type::id'
    • resourceVersion string path required
      The specific version number of the discovered resource to retrieve

    Responses

    200 successful operation
    Schema: InsightsResourceWithVersion
    • account string required
      The account name containing the resource
    • type string required
      The resource type
    • id string required
      The resource identifier
    • version integer required
      The resource version number
    • modified string required
      When the resource was last modified
    • state object optional
      The raw resource state
    • policyState string optional
      The policy evaluation state for the resource
    Errors: 400 invalid resource version 404 Account

    List Resource Version Edges

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/versions/{resourceVersion}/edges

    Returns the relationships (edges) between a discovered resource and other resources in the account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • resourceTypeAndId string path required
      The resource type and cloud provider ID, double-URL-encoded, in the format ’type::id'
    • resourceVersion integer path required
      The specific version number of the resource to list edges for
    • continuationToken string query optional
      Continuation token for paginated results
    • count integer query optional
      Number of results to return (default: 100, max: 500)

    Responses

    200 successful operation
    Schema: ListInsightsResourceVersionEdgesResponse
    • edges array[InsightsResourceVersionEdge] required
      The list of resource version edges
    • sourceUrn string required
      The source resource URN
    • sourceVersion integer required
      The source resource version
    • destUrn string required
      The destination resource URN
    • edgeType string required
      The type of edge relationship
    • nextToken string optional
      Token for fetching the next page of results
    Errors: 400 count must be in the range [1, 500] 404 Account

    Update Resource Version Policy Results

    Preview. This endpoint is in preview and may change without notice.
    PUT /api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/versions/{resourceVersion}/policy/results

    Updates the policy evaluation results for a specific version of a discovered resource.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • resourceTypeAndId string path required
      The resource type and cloud provider ID, double-URL-encoded, in the format ’type::id'
    • resourceVersion string path required
      The specific version number of the discovered resource to update policy results for

    Request Body

    Schema: UpdateInsightsResourceVersionPolicyResultsRequest
    • claimId string required
      The claim ID for the policy evaluation.
    • results InsightsPolicyResults required
      The policy evaluation results.
    • succeeded boolean required
      Whether the policy evaluation succeeded without violations
    • violations array[InsightsPolicyViolation] optional
      The list of policy violations found, if any

    Responses

    204 No Content
    Errors: 400 invalid resource version 404 Account or Resource Version

    List Resources With References

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/accounts/{accountName}/resources/references

    Returns discovered resources along with their referenced resources for a batch of resource identifiers.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Request Body

    Schema: ListResourcesWithReferencesRequest
    • resourceIdentifiers array[InsightsResourceIdentifier] required
      The resource identifiers to look up
    • account string required
      The account name containing the resource
    • type string required
      The resource type
    • id string required
      The resource identifier
    • version integer optional
      If nil, the latest version is used
    • depth integer optional
      The depth of references to traverse

    Responses

    200 successful operation
    Errors: 404 Account or Resource Identifier

    Read Scan Status

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/scan

    Returns the status of the most recent scan for an Insights account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    200 successful operation
    Schema: ScanStatusResponse
    • id string required
      The unique identifier of the workflow run.
    • nextScan string optional
      The timestamp of the next scheduled scan, if any.
    • orgId string required
      The organization ID.
    • userId string required
      The user ID who initiated the workflow run.
    • status enum required
      The current status of the workflow run.
      Values: running, failed, succeeded
    • startedAt string required
      The time the workflow run started.
    • finishedAt string required
      The time the workflow run finished, if completed.
    • lastUpdatedAt string required
      The time the workflow run was last updated.
    • jobTimeout string required
      The timeout for jobs in the workflow run.
    • jobs array[JobRun] optional
      The list of job runs within the workflow.
    • status enum required
      The current status of the job run
      Values: not-started, accepted, running, failed, succeeded, skipped
    • started string optional
      When the job started running
    • lastUpdated string optional
      When the job was last updated
    • timeout integer required
      The timeout duration for the job in nanoseconds (Go time.Duration).
    • steps array[StepRun] required
      The list of step runs within this job
    • worker object optional
      Information about the worker executing this job
    Errors: 404 Scan for account

    Scan Account

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/accounts/{accountName}/scan

    Starts a resource discovery scan for an Insights account. For parent accounts, triggers scans across all child accounts.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Request Body

    Schema: ScanInsightsAccountRequest
    • agentPoolID string optional
      The ID of the agent pool to use for scanning. If not specified, the default agent pool will be used.
    • listConcurrency integer optional
      The concurrency level for list operations during the scan.
    • readConcurrency integer optional
      The concurrency level for read operations during the scan.
    • batchSize integer optional
      The batch size for processing resources during the scan.
    • readTimeout string optional
      The timeout duration for read operations, as a Go duration string (e.g., ’30s’, ‘5m’).

    Responses

    200 OK. Returns the WorkflowRun representing the scan.
    Schema: WorkflowRun
    • id string required
      The unique identifier of the workflow run.
    • orgId string required
      The organization ID.
    • userId string required
      The user ID who initiated the workflow run.
    • status enum required
      The current status of the workflow run.
      Values: running, failed, succeeded
    • startedAt string required
      The time the workflow run started.
    • finishedAt string required
      The time the workflow run finished, if completed.
    • lastUpdatedAt string required
      The time the workflow run was last updated.
    • jobTimeout string required
      The timeout for jobs in the workflow run.
    • jobs array[JobRun] optional
      The list of job runs within the workflow.
    • status enum required
      The current status of the job run
      Values: not-started, accepted, running, failed, succeeded, skipped
    • started string optional
      When the job started running
    • lastUpdated string optional
      When the job was last updated
    • timeout integer required
      The timeout duration for the job in nanoseconds (Go time.Duration).
    • steps array[StepRun] required
      The list of step runs within this job
    • worker object optional
      Information about the worker executing this job
    204 No Content. When scanning parent accounts.
    Errors: 400 Invalid request or scan already in progress 404 WorkflowRun

    Cancel Scan

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/accounts/{accountName}/scan/cancel

    Cancels a running resource discovery scan for an Insights account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    204 No Content
    Errors: 404 Account

    Pause Scheduled Scans

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/accounts/{accountName}/scan/pause

    PauseScheduledScans pauses execution of future scheduled scans for an Insights account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    204 No Content

    Resume Scheduled Scans

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/accounts/{accountName}/scan/resume

    ResumeScheduledScans resumes execution of future scheduled scans for an Insights account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    204 No Content

    Read Scheduled Scan Settings

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/scan/settings

    Returns the scheduled scan configuration for an Insights account, including scan frequency and schedule details.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    200 successful operation
    Schema: ScheduledInsightsScanSettingsResponse
    • listConcurrency integer optional
      The concurrency level for list operations during the scan.
    • scheduleCron string required
      The cron expression defining the scan schedule.
    • paused boolean required
      Whether the scheduled scan is paused.
    • readConcurrency integer optional
      The concurrency level for read operations during the scan.
    • batchSize integer optional
      The batch size for processing resources during the scan.
    • readTimeout string optional
      The timeout duration for read operations, as a Go duration string (e.g., ’30s’, ‘5m’).
    Errors: 404 Scheduled scan for account

    Update Scheduled Scan Settings

    Preview. This endpoint is in preview and may change without notice.
    PUT /api/preview/insights/{orgName}/accounts/{accountName}/scan/settings

    Updates the scheduled scan configuration for an Insights account, such as scan frequency and schedule.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Request Body

    Schema: ScheduledInsightsScanSettingsRequest
    • listConcurrency integer optional
      The concurrency level for list operations during the scan.
    • scheduleCron string optional
      The cron expression defining the scan schedule.
    • paused boolean required
      Whether the scheduled scan is paused.
    • readConcurrency integer optional
      The concurrency level for read operations during the scan.
    • batchSize integer optional
      The batch size for processing resources during the scan.
    • readTimeout string optional
      The timeout duration for read operations, as a Go duration string (e.g., ’30s’, ‘5m’).

    Responses

    204 No Content
    Errors: 400 Invalid scan schedule

    List Scan Status

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/scans

    Returns the scan history for an Insights account, including child accounts for parent accounts.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • continuationToken string query optional
      Continuation token for paginated results
    • pageSize integer query optional
      Number of results per page (default: 100, max: 1000)

    Responses

    200 successful operation
    Schema: ListScanStatusResponse
    • scanStatuses array[ScanStatus] required
      The list of scan statuses
    • accountName string optional
      The name of the insights account associated with this scan.
    • id string required
      The unique identifier of the workflow run.
    • orgId string required
      The organization ID.
    • resourceCount integer optional
      The number of resources discovered by this scan.
    • userId string required
      The user ID who initiated the workflow run.
    • status enum required
      The current status of the workflow run.
      Values: running, failed, succeeded
    • startedAt string required
      The time the workflow run started.
    • finishedAt string required
      The time the workflow run finished, if completed.
    • lastUpdatedAt string required
      The time the workflow run was last updated.
    • jobTimeout string required
      The timeout for jobs in the workflow run.
    • jobs array[JobRun] optional
      The list of job runs within the workflow.
    • continuationToken string optional
      ContinuationToken is an opaque value the client can send to fetch additional scans. Will be nil once all scans have been returned.
    Errors: 400 Invalid query params 404 Account

    Get Scan

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/scans/{scanId}

    Returns details for a specific Insights scan, including its status, timestamps, and resource counts.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • scanId string path required
      The scan identifier

    Responses

    200 successful operation
    Schema: ScanStatus
    • accountName string optional
      The name of the insights account associated with this scan.
    • id string required
      The unique identifier of the workflow run.
    • orgId string required
      The organization ID.
    • resourceCount integer optional
      The number of resources discovered by this scan.
    • userId string required
      The user ID who initiated the workflow run.
    • status enum required
      The current status of the workflow run.
      Values: running, failed, succeeded
    • startedAt string required
      The time the workflow run started.
    • finishedAt string required
      The time the workflow run finished, if completed.
    • lastUpdatedAt string required
      The time the workflow run was last updated.
    • jobTimeout string required
      The timeout for jobs in the workflow run.
    • jobs array[JobRun] optional
      The list of job runs within the workflow.
    • status enum required
      The current status of the job run
      Values: not-started, accepted, running, failed, succeeded, skipped
    • started string optional
      When the job started running
    • lastUpdated string optional
      When the job was last updated
    • timeout integer required
      The timeout duration for the job in nanoseconds (Go time.Duration).
    • steps array[StepRun] required
      The list of step runs within this job
    • worker object optional
      Information about the worker executing this job
    Errors: 404 Scan

    Get Scan Logs

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/scans/{scanId}/logs

    Returns log output for a specific Insights scan. Supports two modes: when the ‘job’ parameter is provided, returns step-level logs with job/step offsets; otherwise, uses continuationToken and count for paginated log retrieval.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • scanId string path required
      The scan identifier
    • continuationToken string query optional
      Continuation token for paginated results. Used when the ‘job’ parameter is not provided.
    • count integer query optional
      Number of log entries to return (must be between 1 and 500). Used when the ‘job’ parameter is not provided.
    • job integer query optional
      When provided, switches to step-based log retrieval. Specifies the job number whose step logs to fetch.
    • offset integer query optional
      Byte offset within the step’s log output. Used with the ‘job’ and ‘step’ parameters.
    • step integer query optional
      Step number within the specified job. Used with the ‘job’ parameter.

    Responses

    200 successful operation
    Schema: DeploymentLogsBase
    • __type string required
    Errors: 400 count must be less than 500 and more than 0 404 Account or Scan

    Get Insight Account Tags

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/tags

    Returns all tags for an Insights account as a key-value map.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    200 successful operation
    Schema: GetInsightAccountTagsResponse
    Errors: 404 Account

    Set Insight Account Tags

    Preview. This endpoint is in preview and may change without notice.
    PUT /api/preview/insights/{orgName}/accounts/{accountName}/tags

    Atomically replaces all tags for an Insights account with the provided key-value pairs. For AWS parent accounts, tag changes cascade to all child accounts.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Request Body

    Schema: SetInsightAccountTagsRequest
    • tags map[string]string required
      The tags to set on the Insights account.

    Responses

    204 No Content
    Errors: 400 invalid tag name or value 403 Tags on child accounts are managed by the parent account 404 Account

    List Insights Account Teams

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/accounts/{accountName}/teams

    Returns the teams that have been granted access to an Insights account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name

    Responses

    200 successful operation
    Schema: ListTeamsByInsightsAccountResponse
    • accountName string required
      The name of the Insights account
    • teams array[InsightsAccountTeam] required
      The list of teams with access to the account
    • name string required
      The team name
    • displayName string required
      The display name of the team
    • description string required
      The team description
    • permission enum required
      The team’s permission level for this account
      Values: 0, 1, 2, 3
    • isMember boolean required
      IsMember is true if the requesting user is a member of the team.

    Update Team Insights Account Permissions

    Preview. This endpoint is in preview and may change without notice.
    PATCH /api/preview/insights/{orgName}/accounts/{accountName}/teams/{teamName}

    Updates the permissions that a team has on an Insights account.

    Request Parameters

    • orgName string path required
      The organization name
    • accountName string path required
      The Insights account name
    • teamName string path required
      The team name

    Request Body

    Schema: UpdateTeamInsightsAccountPermissionsRequest
    • permissions enum optional
      Permissions the permissions that team membership grants to the account. Will overwrite any existing permissions the team grants to the account. A nil value will remove the account from the team.
      Values: 0, 1, 2, 3

    Responses

    204 No Content
    Errors: 400 team does not exist on the account

    Get Discovered Project

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/discovered-stacks/{projectName}

    Returns details for a discovered project, including its discovered stacks. Results are paginated; use the continuationToken from the response to fetch subsequent pages.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The discovered project name
    • continuationToken string query optional
      Opaque token for fetching the next page of stacks

    Responses

    200 OK
    Schema: GetDiscoveredProjectResponse
    • project DiscoveredProject required
      The discovered project details.
    • orgName string required
      The organization name.
    • name string required
      The discovered project name.
    • stacks array[DiscoveredStack] required
      The discovered stacks belonging to this project.
    • continuationToken string optional
      Opaque token for fetching the next page of stacks. Null when all stacks have been returned.
    Errors: 404 No discovered stacks found for this project

    Get Discovered Stack

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/discovered-stacks/{projectName}/{stackName}

    Returns details for a single discovered stack.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The discovered project name
    • stackName string path required
      The discovered stack name

    Responses

    200 OK
    Schema: GetDiscoveredStackResponse
    • id string required
      The Discovered Stack ID.
    • orgName string required
      The organization name.
    • projectName string required
      The project name.
    • stackName string required
      The stack name.
    • resourceCount integer required
      Number of resources discovered in this stack.
    • provider string required
      The cloud provider package (e.g. ‘aws-cloudformation’, ‘azure-arm’).
    • tags map[string]string optional
      User-defined tags associated with the discovered stack.
    • lastScanTime integer optional
      Unix epoch timestamp (seconds) of the last scan. Omitted if never scanned.
    Errors: 404 Discovered stack not found

    Upsert Resource Migration Annotation

    Preview. This endpoint is in preview and may change without notice.
    PUT /api/preview/insights/{orgName}/discovered-stacks/{projectName}/{stackName}/migration

    Creates or updates a migration annotation on a discovered resource. The resource is identified by its URN in the request body. At least one of note or statusOverride must be non-empty; requests with both empty are rejected with 400. The statusOverride, if provided, must be Migrated or NotApplicable.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The discovered project name
    • stackName string path required
      The discovered stack name

    Request Body

    Schema: UpsertResourceMigrationAnnotationRequest
    • resourceUrn string required
      URN of the resource to annotate.
    • note string optional
      Free-text note about this resource. May be empty when only setting a status override.
    • statusOverride enum optional
      Override the computed migration status. Only Migrated and NotApplicable are valid values.
      Values: Migrated, PulumiOnly, Ready, Pending, Unmapped, NotApplicable
    • linkedResourceUrn string optional
      URN of the resource this one was migrated as part of.

    Responses

    204 No Content
    Errors: 400 Invalid request 404 Discovered stack not found

    Delete Resource Migration Annotation

    Preview. This endpoint is in preview and may change without notice.
    DELETE /api/preview/insights/{orgName}/discovered-stacks/{projectName}/{stackName}/migration

    Removes a migration annotation from a discovered resource. The resource is identified by its URN passed as a query parameter.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The discovered project name
    • stackName string path required
      The discovered stack name
    • resourceUrn string query required
      URN of the resource to remove the annotation from

    Responses

    204 No Content
    Errors: 404 Discovered stack or annotation not found

    List Discovered Stack Resources

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/discovered-stacks/{projectName}/{stackName}/resources

    Returns the list of resources in a discovered stack, each annotated with a migrationStatus. When compareTo is provided, resource identities are matched against the target Pulumi stack.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The discovered project name
    • stackName string path required
      The discovered stack name
    • compareTo string query optional
      Pulumi stack to compare against in project/stack format. Must be in the same org.

    Responses

    200 OK
    Schema: ListDiscoveredStackResourcesResponse
    • resources array[DiscoveredResourceInfo] required
      The list of discovered resources in this page.
    • resource Resource required
      The resource, using the same shape as regular stack resources.
    • name string optional
      A human-friendly resource name derived from the cloud provider
    • originType string optional
      The native cloud resource type (e.g. ‘AWS::S3::Bucket’, ‘Microsoft.Storage/storageAccounts’).
    • managedBy string optional
      The orchestrator or tool that manages this resource (e.g. ‘CloudFormation’, ‘ARM’, ‘Pulumi’).
    • providerType string optional
      The mapped Pulumi provider type token (e.g. ‘aws:s3/bucket:Bucket’). Omitted when the resource has not been mapped to a Pulumi type.
    • virtualState map[string]object optional
      The Pulumi-compatible state, if available.
    • migrationStatus enum optional
      Migration status of the resource relative to the comparison stack.
      Values: Migrated, PulumiOnly, Ready, Pending, Unmapped, NotApplicable
    • annotation ResourceMigrationAnnotation optional
      User-created migration annotation, if any.
    • continuationToken string optional
      Opaque token for fetching the next page of resources.
    Errors: 404 Discovered stack not found

    Generate Import Code

    Preview. This endpoint is in preview and may change without notice.
    POST /api/preview/insights/{orgName}/import/code/generate

    Generates Pulumi code in the specified language to import discovered resources into a Pulumi stack.

    Request Parameters

    • orgName string path required
      The organization name

    Request Body

    Schema: InsightsImportCodeRequest
    • language string required
      The programming language for the generated import code
    • urns array[string] required
      The URNs of the resources to generate import code for

    Responses

    200 successful operation
    Schema: InsightsImportCodeResponse
    • code string required
      The generated import code
    Errors: 400 Invalid language or URNs

    Accept Insights Billing

    Preview. This endpoint is in preview and may change without notice.
    PUT /api/preview/insights/{orgName}/insightstrial/accept

    Accepts Insights billing charges for the specified organization, enabling metered billing for resource discovery.

    Request Parameters

    • orgName string path required
      The organization name

    Responses

    204 No Content
    Errors: 400 Invalid request

    Terminate Insights Trial

    Preview. This endpoint is in preview and may change without notice.
    PUT /api/preview/insights/{orgName}/insightstrial/deny

    Terminates the Insights trial for the organization and removes all associated accounts.

    Request Parameters

    • orgName string path required
      The organization name

    Responses

    204 No Content
    Errors: 400 Invalid request

    Get Insights Trial Summary

    Preview. This endpoint is in preview and may change without notice.
    GET /api/preview/insights/{orgName}/insightstrial/summary

    Returns a summary of the organization’s Insights trial usage, including resource counts and remaining trial capacity.

    Request Parameters

    • orgName string path required
      The organization name

    Responses

    200 successful operation
    Schema: TrialUsageSummary
    • dhrum ConsumptionUsage optional
      Discovered resources usage during the trial.
    • totalConsumed integer required
      The total consumed
    • consumed map[string]integer required
      The consumed amount
    • unitRateSchema enum required
      UnitRateSchema captures which pricing plan is associated with the product subscription, and further indicates which pricing rate structure should be read.
      Values: graduated-v0, graduated-v1, graduated-v2
    • unitRateGraduatedV0 UnitRateGraduatedV0 optional
      UnitRateGraduatedV0 will be populated for UnitRateSchemaGraduatedV0 plans.
    • unitRateGraduatedV1 UnitRateGraduatedV1 optional
      UnitRateGraduatedV1 will be populated for UnitRateSchemaGraduatedV1 plans.
    • unitRateGraduatedV2 UnitRateGraduatedV2 optional
      UnitRateGraduatedV2 will be populated for UnitRateSchemaGraduatedV2 plans.
    • statsV0 ConsumptionUsageStatsV0 optional
      StatsV0 are the usage statistics, and will be populated for graduated-v0 plans.
    • statsV1 ConsumptionUsageStatsV1 optional
      StatsV1 are the usage statistics, and will be populated for graduated-v1 plans.
    • insightsScans ConsumptionUsage optional
      Insights scans usage during the trial.
    • totalConsumed integer required
      The total consumed
    • consumed map[string]integer required
      The consumed amount
    • unitRateSchema enum required
      UnitRateSchema captures which pricing plan is associated with the product subscription, and further indicates which pricing rate structure should be read.
      Values: graduated-v0, graduated-v1, graduated-v2
    • unitRateGraduatedV0 UnitRateGraduatedV0 optional
      UnitRateGraduatedV0 will be populated for UnitRateSchemaGraduatedV0 plans.
    • unitRateGraduatedV1 UnitRateGraduatedV1 optional
      UnitRateGraduatedV1 will be populated for UnitRateSchemaGraduatedV1 plans.
    • unitRateGraduatedV2 UnitRateGraduatedV2 optional
      UnitRateGraduatedV2 will be populated for UnitRateSchemaGraduatedV2 plans.
    • statsV0 ConsumptionUsageStatsV0 optional
      StatsV0 are the usage statistics, and will be populated for graduated-v0 plans.
    • statsV1 ConsumptionUsageStatsV1 optional
      StatsV1 are the usage statistics, and will be populated for graduated-v1 plans.
    Errors: 400 Invalid request

    Update Stack Policy Results

    Preview. This endpoint is in preview and may change without notice.
    PUT /api/preview/insights/{orgName}/policy/stacks/{projectName}/{stackName}/updates/{version}/results

    Updates the policy evaluation results for a specific stack update version.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The project name
    • stackName string path required
      The stack name
    • version integer path required
      The stack update version number identifying a specific Pulumi update operation

    Request Body

    Schema: UpdateStackPolicyResultsRequest
    • claimId string required
      The claim ID for the policy evaluation.
    • results InsightsPolicyResults required
      The policy evaluation results.
    • succeeded boolean required
      Whether the policy evaluation succeeded without violations
    • violations array[InsightsPolicyViolation] optional
      The list of policy violations found, if any

    Responses

    204 No Content
    Errors: 400 invalid 'version' parameter 404 Program Update