
UAP SCA policy CLI workflow

Here is an example workflow for adding a UAP (Unified Access Policies) SCA (Secure Cloud Access) policy via the CLI:

  1. Install Ark SDK: pip3 install ark-sdk-python
  2. Create a profile:
    • Interactively:
      ark configure
      
    • Silently:
      ark configure --silent --work-with-isp --isp-username myuser
      
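  3. Log in to Ark. A secret passed literally with --isp-secret can end up in shell history and in process listings, so on shared hosts or in CI supply it from a secret store rather than typing it on the command line: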
    ark login --silent --isp-secret <my-ark-secret>
    
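  4. Create a UAP SCA policy from a JSON request file. The identifiers below (principal ID, directory ID, account number, role ARN) are sample values; replace them with your own. The sample grants access on every day of the week for most of the day with "delegationClassification": "Unrestricted", so narrow the access window, principals, target role and delegation classification to what is actually needed before submitting the file with the command shown after it: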

    {
      "metadata": {
        "name": "Cool Cloud Policy",
        "description": "Cool Cloud Policy Description",
        "policyTags": [
          "cool_tag",
          "cool_tag2"
        ],
        "policyEntitlement": {
          "targetCategory": "Cloud console",
          "locationType": "AWS",
          "policyType": "Recurring"
        },
        "timeFrame": {
          "fromTime": null,
          "toTime": null
        },
        "status": {
          "status": "Validating",
          "statusCode": null,
          "statusDescription": "Example status description",
          "link": null
        }
      },
      "principals": [
        {
          "id": "c2c7bcc6-9560-44e0-8dff-5be221cd37ee",
          "name": "user@cyberark.cloud.12345",
          "type": "User",
          "sourceDirectoryName": "CyberArk Cloud Directory",
          "sourceDirectoryId": "09B9A9B0-6CE8-465F-AB03-65766D33B05E"
        }
      ],
      "conditions": {
        "accessWindow": {
          "daysOfTheWeek": [
            0,
            1,
            2,
            3,
            4,
            5,
            6
          ],
          "fromHour": "05:00:00",
          "toHour": "23:59:00"
        },
        "maxSessionDuration": 2
      },
      "delegationClassification": "Unrestricted",
      "targets": {
        "awsAccountTargets": [
          {
            "roleId": "arn:aws:iam::123456789012:role/RoleName",
            "workspaceId": "123456789012",
            "roleName": "RoleName",
            "workspaceName": "WorkspaceName"
          }
        ]
      }
    }
    

    ark exec --request-file /path/to/policy-request.json uap sca add-policy