Trigger Analysis
You can trigger an account analysis using the k9 API with:
POST /customer/{customer_id}/account/{account_id}/analysis
When you successfully trigger an account analysis, k9 will immediately return an execution id. k9 will deliver the analysis to your secure inbox once it is complete. An incremental analysis generally takes at least 10 minutes for small accounts and up to 2 hours for large accounts.
Request Headers
Set the Content-Type header to application/json
Request Path Parameters
The account analysis API requires two path parameters:
customer_id: the k9 Customer ID that owns the account to analyze, e.g. C123456 or C54321
Type: String
Pattern: C[\d]{5,6}
account_id: the AWS account ID to analyze, e.g. 123456789012
Type: String
Pattern: [\d]{12}
Request Body
Populate the request body with a json document like:
{
"customerId": "{customer_id}",
"accountId": "{account_id}"
}
Note that while this body currently duplicates information from the request path, we plan to allow you to scope the analysis request to specific principals and resources in the future.
Response
Success
When you successfully trigger an account analysis, the API will respond with:
Response Status Code: 202 (Accepted)
Response Body (Example):
{
"customerId": "{customer_id}",
"accountId": "{account_id}",
"executionId": "ondemand-{customer_id}-{account_id}-{START_YYYY-MM-DD}_{RANDSTR}"
}
The executionId is a token the caller can use to identify this analysis. The executionId is meant to be opaque to machines, but useful to people. It identifies the analysis' k9 Customer ID, AWS account ID, the date the analysis was started (UTC), and a random 4-character suffix.
Example executionId: ondemand-C123456-123456789012-2022-11-11_ONO2.
Not Authorized
If the calling principal is not authorized to trigger an analysis, the API will respond with:
Response Status Code: 403 (Forbidden)
Response Body (Example):
{
"message": "Caller is not authorized to trigger analysis for k9 customerId (C123456)"
}