Cloud Account APIs for AWS Cloud Native Protection

The Rubrik GraphQL API provides queries and mutations to manage cloud accounts.

For details on all the GraphQL queries and mutations mentioned below, refer to the API documentation.

Adding an AWS cloud account

To add a cloud account using APIs, do the following:

  1. Use the finalizeAwsCloudAccountProtection mutation to initiate cloud account addition.
  2. Use the awsTrustPolicy query to get trust policies.
  3. Use the allAwsPermissionPolicies query to get the permission policies.
  4. Using these trust and permission policies, create an IAM cross-account role in AWS.
  5. If you are adding the Exocompute feature, create and attach an instance profile to the Exocompute worker node role.
  6. Use the registerAwsFeatureArtifacts mutation to register the artifacts you have created on AWS.
  7. Go to the RSC UI and verify the new cloud account.
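
Before creating the role in step 4, it is worth checking the policy documents you are about to attach. The following is an added example, not Rubrik's code: it flags a trust policy with a wildcard principal or a cross-account principal lacking an `sts:ExternalId` condition, and a permission policy granting `Action: *` on `Resource: *`. The function names and sample documents are constructed; it assumes the policies are standard IAM JSON policy documents and applies general AWS cross-account guidance, not anything specific to the policies Rubrik returns.

```python
def _as_list(value):
    """IAM accepts a scalar or a list in most positions; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(doc):
    """Return findings for a role trust policy; an empty list means none."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & set(actions):
            continue
        principal = stmt.get("Principal")
        # "Principal": "*" and {"AWS": "*"} both mean any AWS principal.
        aws = ["*"] if principal == "*" else _as_list((principal or {}).get("AWS"))
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal may assume the role")
        keys = [k.lower() for k in stmt.get("Condition", {}).get("StringEquals", {})]
        # Service principals (e.g. ec2.amazonaws.com) have no external ID to check.
        if aws and "sts:externalid" not in keys:
            findings.append(f"statement {i}: cross-account principal without sts:ExternalId")
    return findings

def audit_permission_policy(doc):
    """Flag Allow statements that grant every action on every resource."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if (stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action"))
                and "*" in _as_list(stmt.get("Resource"))):
            findings.append(f"statement {i}: Action * on Resource *")
    return findings

# Constructed sample documents (account ID and external ID are placeholders).
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}
NODE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "ec2.amazonaws.com"}}]}
ADMIN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in [("good", GOOD_TRUST), ("weak", WEAK_TRUST), ("node", NODE_TRUST)]:
        print(name, audit_trust_policy(doc))
    print("admin", audit_permission_policy(ADMIN_POLICY))
```

`NODE_TRUST` models a worker node role trusted by the EC2 service, which is why it produces no external ID finding.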

Deleting an AWS cloud account

To delete a cloud account using APIs, do the following:

  1. Use the awsArtifactsToDelete query to get a list of artifacts to be deleted from your AWS account.
  2. Delete those artifacts from AWS.
  3. In the RSC UI, from the Settings page, disable the cloud account to be deleted.
  4. Use the bulkDeleteAwsCloudAccountWithoutCft mutation to delete the account.