Premium Plan Users

To use the CloudSploit API to view past results and initiate realtime scans for connected accounts, you must be a Premium Plan subscriber. If you have not already upgraded your account, you must do so from the "Settings" page. For more details on upgrading your account, click here.

Note: Only account admins can submit or change payment information and change the account plan.

After upgrading to a Premium Plan, you should ensure that your AWS account is properly connected to CloudSploit and marked as an upgraded connection. This is done on the "AWS Accounts" page.

Now that you have upgraded accounts, you will need to generate an API key. This is done from the "API Keys" page. Click the button to generate a new API key.

A dialog box will appear with the API key and secret. Be sure to write down the secret because it will not be shown again.

You now have an API key/secret pair that you can use to make requests against your account.

Security Notice: Be sure to guard your secret carefully. The API key/secret will have access to all connected AWS accounts in your CloudSploit account, so do not share it externally or with users who do not have permission to view all accounts.

API-Only Plan Users

API-only plan users do not have to have connected accounts. Instead, you can use the CloudSploit API to scan an arbitrary AWS account by providing an AWS access key/secret combination or an IAM role and external ID (preferred). Before gaining access to the API, you will need to contact CloudSploit support to negotiate an API rate limit and monthly or yearly pricing. To do so, simply open a ticket with us and we will work with you to determine your use case.

Once you engage CloudSploit support, we will upgrade your account to an API-only plan. You can then create a new API key (following the same steps for Premium Plan users above). This key will be marked as "Open Access" meaning it can scan any AWS account (with the correct credentials), not just those previously connected to CloudSploit.

Your API key and secret can then be used to query the CloudSploit API.