Canary API Docs

# AWS S3 Bucket Canarytoken ARN ignore list

An AWS S3 Bucket Canarytoken monitors an S3 bucket of your choosing and generates an alert when that bucket is accessed.

The Amazon Resource Names (ARNs) of AWS resources that legitimately need access to the bucket can be added to the ARN ignore list of the Canarytoken, preventing alerts from being generated when they access the bucket.

AWS S3 Bucket ARN Ignore

Endpoints
POST /api/v1/canarytokens/s3bucket/ignorelist/disable
POST /api/v1/canarytokens/s3bucket/ignorelist/enable
GET /api/v1/canarytokens/s3bucket/ignorelist/fetch
POST /api/v1/canarytokens/s3bucket/ignorelist/save

# Disable the ARN ignore list for a specific AWS S3 Bucket Canarytoken

POST /api/v1/canarytokens/s3bucket/ignorelist/disable

Disable the ARN ignore list for a specific AWS S3 Bucket Canarytoken.

Required Parameters

auth_token string
A valid auth token
flock_id string
A valid flock_id
canarytoken string
A valid AWS S3 Bucket Canarytoken

Response

A JSON structure with result indicator.

Example

curl https://EXAMPLE.canary.tools/api/v1/canarytokens/s3bucket/ignorelist/disable \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=flock:default \
  -d canarytoken=EXAMPLE_AWS_S3_BUCKET_CANARYTOKEN

  
        Copied!
1
2
3
4
Response
{
  "result": "success"
}

  
        Copied!
1
2
3

# Enable the ARN ignore list for a specific AWS S3 Bucket Canarytoken

POST /api/v1/canarytokens/s3bucket/ignorelist/enable

Enable the ARN ignore list for a specific AWS S3 Bucket Canarytoken.

Required Parameters

auth_token string
A valid auth token
flock_id string
A valid flock_id
canarytoken string
A valid AWS S3 Bucket Canarytoken

Response

A JSON structure with result indicator.

Example

curl https://EXAMPLE.canary.tools/api/v1/canarytokens/s3bucket/ignorelist/enable \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=flock:default \
  -d canarytoken=EXAMPLE_AWS_S3_BUCKET_CANARYTOKEN

  
        Copied!
1
2
3
4
Response
{
  "result": "success"
}

  
        Copied!
1
2
3

# Fetch an AWS S3 Bucket Canarytoken ARN Ignore List

GET /api/v1/canarytokens/s3bucket/ignorelist/fetch

Fetch the ARN ignore list for a specific AWS S3 Bucket Canarytoken.

Required Parameters

auth_token string
A valid auth token
flock_id string
A valid flock_id
canarytoken string
A valid AWS S3 Bucket Canarytoken

Response

A JSON structure containing the ARN ignore list for the specified AWS S3 Bucket Canarytoken.

Example

curl https://EXAMPLE.canary.tools/api/v1/canarytokens/s3bucket/ignorelist/fetch \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=flock:default \
  -d canarytoken=EXAMPLE_AWS_S3_BUCKET_CANARYTOKEN \
  -G

  
        Copied!
1
2
3
4
5
Response
{
  "ignore_lists": {
    "enabled": "true",
    "ignores": "arn:aws:sts:us-east-1:*:role/*"
  },
  "result": "success"
}

  
        Copied!
1
2
3
4
5
6
7

# Save an AWS S3 Bucket Canarytoken ARN Ignore List

POST /api/v1/canarytokens/s3bucket/ignorelist/save

Save a new ARN ignore list for a specific AWS S3 Bucket Canarytoken.

Required Parameters

auth_token string
A valid auth token
flock_id string
A valid flock_id
canarytoken string
A valid AWS S3 Bucket Canarytoken

Optional Parameters

ignores string
A space separated list of ARNs or ARN patterns.

WARNING

Sending through a save without ignores, will assume you want to blank previously set values.

Response

A JSON structure with result indicator.

Example

curl https://EXAMPLE.canary.tools/api/v1/canarytokens/s3bucket/ignorelist/save \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=flock:default \
  -d canarytoken=EXAMPLE_AWS_S3_BUCKET_CANARYTOKEN \
  -d ignores='arn:aws:sts:us-east-1:123456789012:example/folder arn:aws-cn:iam::123456789012:example/folder'

  
        Copied!
1
2
3
4
5
Response
{
  "result": "success"
}

  
        Copied!
1
2
3

Factory