Skip to main content
Discovery: AWS API targets

Automatically identify AWS targets that need an API schema

Updated over a month ago

Assuming you have landed here, having completed steps 1 - 9 of Creating an IAM role for Intruder, below are the steps you need to follow to ensure that we can identify APIs in your cloud account.

Head back to your AWS console > Select the role linked to your Intruder account

  1. Select Add permissions > Create inline policy

  2. Select Service: API Gateway V2

  3. Scroll down to Access level > Read and select all options available (in this example: All read actions + GET):

  4. Select 'Add more permissions' > Service: API Gateway

  5. 5. Scroll down to Access level > Read and select all options available (in this example: All read actions + GET):

  6. Select Resources > All . Then click Next to take you to the next window.

  7. Add policy name > click Create policy

  8. ✨ Voila, you should see that policy added to the role you created earlier.


What does it look like in the portal?

Targets overview page

Head to the Targets page > click API detected and you'll see them listed (though please note, this list also includes targets where we've detected a login page on targets that have not been added as web apps).

Targets > Cloud assets > Asset details:

If we detect an API, you'll see a small tool tip next to the target, as shown below:

Notifications tab:
You'll also see a message in the notifications feed

Did this answer your question?