Scan Endpoints¶
POST /api/scan¶
Run an infrastructure drift scan.
Request¶
curl -X POST http://localhost:8080/api/scan \
-H "Content-Type: application/json" \
-d '{
"service": "s3",
"config_path": "/etc/cloudrift/config/cloudrift-s3.yml"
}'
Body Parameters:
| Field | Type | Required | Description |
|---|---|---|---|
service | string | yes | AWS service to scan (s3, ec2) |
config_path | string | yes | Path to cloudrift YAML config file |
policy_dir | string | no | Custom OPA policy directory |
skip_policies | bool | no | Skip policy evaluation |
Response (200)¶
{
"scan_summary": {
"service": "s3",
"total_resources": 5,
"drifted_resources": 2,
"total_violations": 8,
"scan_duration_ms": 1234
},
"resources": [
{
"resource_type": "aws_s3_bucket",
"resource_name": "my-bucket",
"drift": {
"added": [],
"removed": [],
"changed": [
{
"attribute": "versioning.enabled",
"expected": "true",
"actual": "false"
}
]
},
"violations": [
{
"policy_id": "S3-001",
"policy_name": "S3 Encryption Required",
"severity": "HIGH",
"message": "S3 bucket must have server-side encryption enabled"
}
]
}
],
"compliance": {
"hipaa": { "score": 85.0, "passing": 19, "total": 22 },
"gdpr": { "score": 90.0, "passing": 15, "total": 17 },
"iso_27001": { "score": 78.0, "passing": 25, "total": 32 },
"pci_dss": { "score": 82.0, "passing": 28, "total": 34 },
"soc2": { "score": 75.0, "passing": 37, "total": 49 }
}
}
Error Response (400/500)¶
GET /api/health¶
Check if the Cloudrift CLI binary is available.
Request¶
Response (200)¶
If the CLI binary is not found or not executable, available will be false.
GET /api/version¶
Get the Cloudrift CLI version string.
Request¶
Response (200)¶
Returns the output of cloudrift --version.