CreateCase
Creates a new case.
Request Syntax
POST /v1/create-case HTTP/1.1
Content-type: application/json
{
"clientToken": "string",
"description": "string",
"engagementType": "string",
"impactedAccounts": [ "string" ],
"impactedAwsRegions": [
{
"region": "string"
}
],
"impactedServices": [ "string" ],
"reportedIncidentStartDate": number,
"resolverType": "string",
"tags": {
"string" : "string"
},
"threatActorIpAddresses": [
{
"ipAddress": "string",
"userAgent": "string"
}
],
"title": "string",
"watchers": [
{
"email": "string",
"jobTitle": "string",
"name": "string"
}
]
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- clientToken
-
Note
The
clientTokenfield is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Required: No
- description
-
Required element used in combination with CreateCase
to provide a description for the new case.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 8000.
Required: Yes
- engagementType
-
Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation
Type: String
Valid Values:
Security Incident | InvestigationRequired: Yes
- impactedAccounts
-
Required element used in combination with CreateCase to provide a list of impacted accounts.
Note
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be
123123123which is nine digits, and with zero-prepend would be000123123123. Not zero-prepending to 12 digits could result in errors.Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Length Constraints: Fixed length of 12.
Pattern:
[0-9]{12}Required: Yes
- impactedAwsRegions
-
An optional element used in combination with CreateCase to provide a list of impacted regions.
Type: Array of ImpactedAwsRegion objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
- impactedServices
-
An optional element used in combination with CreateCase to provide a list of services impacted.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 600 items.
Length Constraints: Minimum length of 2. Maximum length of 50.
Pattern:
[a-zA-Z0-9 -.():]+Required: No
- reportedIncidentStartDate
-
Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity.
Type: Timestamp
Required: Yes
- resolverType
-
Required element used in combination with CreateCase to identify the resolver type.
Type: String
Valid Values:
AWS | SelfRequired: Yes
-
An optional element used in combination with CreateCase to add customer specified tags to a case.
Type: String to string map
Map Entries: Minimum number of 0 items. Maximum number of 200 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Value Length Constraints: Minimum length of 0. Maximum length of 256.
Required: No
- threatActorIpAddresses
-
An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity.
Type: Array of ThreatActorIp objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: No
- title
-
Required element used in combination with CreateCase to provide a title for the new case.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 300.
Required: Yes
- watchers
-
Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates.
Type: Array of Watcher objects
Array Members: Minimum number of 0 items. Maximum number of 30 items.
Required: Yes
Response Syntax
HTTP/1.1 201
Content-type: application/json
{
"caseId": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 201 response.
The following data is returned in JSON format by the service.
- caseId
-
A response element providing responses for requests to CreateCase. This element responds with the case ID.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 32.
Pattern:
\d{10,32}.*
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
- message
-
The ID of the resource which lead to the access denial.
HTTP Status Code: 403
- ConflictException
-
- message
-
The exception message.
- resourceId
-
The ID of the conflicting resource.
- resourceType
-
The type of the conflicting resource.
HTTP Status Code: 409
- InternalServerException
-
- message
-
The exception message.
- retryAfterSeconds
-
The number of seconds after which to retry the request.
HTTP Status Code: 500
- InvalidTokenException
-
- message
-
The exception message.
HTTP Status Code: 423
- ResourceNotFoundException
-
- message
-
The exception message.
HTTP Status Code: 404
- SecurityIncidentResponseNotActiveException
-
- message
-
The exception message.
HTTP Status Code: 400
- ServiceQuotaExceededException
-
- message
-
The exception message.
- quotaCode
-
The code of the quota.
- resourceId
-
The ID of the requested resource which lead to the service quota exception.
- resourceType
-
The type of the requested resource which lead to the service quota exception.
- serviceCode
-
The service code of the quota.
HTTP Status Code: 402
- ThrottlingException
-
- message
-
The exception message.
- quotaCode
-
The quota code of the exception.
- retryAfterSeconds
-
The number of seconds after which to retry the request.
- serviceCode
-
The service code of the exception.
HTTP Status Code: 429
- ValidationException
-
- fieldList
-
The fields which lead to the exception.
- message
-
The exception message.
- reason
-
The reason for the exception.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
