Filters

Last modified on November 25, 2024

Filters allow you to narrow request results when programmatically interacting with StrongDM via the CLI or the API. This article describes how to use filters with the sdm admin CLI commands, including proper syntax, usage examples, and available filter parameters and values.

For information on how to use filters in API requests with any of StrongDM’s SDKs, please consult the documentation for the specific tool you wish to use.

Syntax and Filtering Considerations

Filters are specified in sdm admin CLI commands with the --filter flag followed by the field and the value on which you want to filter.

Example:

sdm admin users list --filter '<FIELD>:<VALUE>'

Let’s say, for example, that your organization has 50 users whose first name is Sam, and you want to list only those people. To do that, run the command with the filter set as follows:

sdm admin users list --filter 'firstname:sam'

Possible filter fields and values are described in section Filter Parameters by Entity and section Potential Resource Type Values.

Wildcards

The --filter flag accepts wildcard (*) values for certain fields, such as name and email. For example, you can use a filter and wildcard to list only users whose email address ends with @strongdm.com:

sdm admin users list --filter 'email:*@strongdm.com'

Special characters

Special characters must be properly escaped using quotation marks. Additionally, multi-word names in filters must be encapsulated in quotation marks. For example, name:"Foo Bar" is correct, and name:Foo Bar is not.

Case

Filters are case-insensitive. Uppercase and lowercase values return the same results.

Terminal syntax differences

The terminal programs on different operating systems use syntax that can vary slightly. For example, using the --filter flag requires the following syntax for most macOS or Linux terminals:

--filter 'verb:"user added"'

Command Prompt on Windows, however, requires the following formatting for the same command:

--filter "verb:\"*user added*\""

In Powershell, the following formatting is needed for the same command:

--filter 'verb:"*user*added*"'

The examples presented throughout the documentation primarily use the first syntax example given (for macOS or Linux) for CLI command examples. If your command is not working, verify that you are following the appropriate syntax rules for your terminal program when it comes to quoting, escaping, flagging, and similar operations.

Date/Time format

Our system can parse the date (year, month, day) and time (hours, minutes, seconds) in a variety of formats. Examples of some accepted formats include the following:

  • 2024-01-01 00:00:00 UTC
  • 01 January 2024 00:00
  • 2024-01-01T12:00:00Z

When filtering based on date and time, an acceptable format must be used. It’s optional to provide the time.

Example:

sdm audit activities --filter 'after:2024-01-01'

An error message is returned if you are not using a valid format: Could not find format and will need to structure your date in a different way.

Usage Examples

This section provides examples of various ways to use single filters and multiple filters with the sdm admin management commands.

List servers by name

The following example command shows how you can apply a filter to list all servers with a name that includes the word “admin.” Note the use of wildcards around “admin.”

$ sdm admin servers list --filter 'name:*admin*'
Server ID               Name                           Type
rs-03ad1e1b240c85c1     azure-gateway - CA (admin)     sshCert
rs-7bb96dd41d9ac70b     azure-gateway-admin            ssh

Show only sshCert servers

In the following example, the type filter is used to list SSH Certificate-type servers:

$ sdm admin servers list --filter 'type:sshCert'
Server ID               Name                           Type
rs-1b08901ed124e296     azure-gateway                  sshCert
rs-2b73c2267a7e1379     azure-gateway - CA (root)      sshCert
rs-03ad1e1b240c85c1     azure-gateway - CA (admin)     sshCert

Use multiple filters

The following example uses two filters, one for type and one for name, to list SSH Certificate-type servers that have admin in their name:

$ sdm admin servers list --filter 'type:sshCert,name:*admin*'
Server ID               Name                           Type
rs-03ad1e1b240c85c1     azure-gateway - CA (admin)     sshCert

Use multiple flags for multiple filters

You can also provide filters as separate flags to achieve the same results, as in the following example:

$ sdm admin servers list --filter 'type:sshCert' --filter 'name:*admin*'
Server ID               Name                           Type
rs-03ad1e1b240c85c1     azure-gateway - CA (admin)     sshCert

Filter based on ID

When id is used as a filter, results return any matching results. Because every ID is unique, it would be impossible to match more than one simultaneously if multiple id filters are provided.

In the example shown, you can see that listing servers and filtering by id results in a list of all servers that have the specified IDs.

$ sdm admin servers list --filter 'id:rs-1b08901ed124e296' --filter 'id:rs-2b73c2267a7e1379' --filter 'id:rs-03ad1e1b240c85c1'
Server ID               Name                           Type
rs-1b08901ed124e296     azure-gateway - CA             sshCert
rs-2b73c2267a7e1379     azure-gateway - CA (Copy)      sshCert
rs-03ad1e1b240c85c1     azure-gateway - CA (admin)     sshCert

Bulk operations examples

You can use filters to assist with various bulk actions, such as showing all websites for a given hostname, deleting a group of resources, and so forth. This section includes some examples of such bulk operations.

Update multiple resources

You may use filters to do batch updates on multiple resources.

In the following example, an Update command is used with the --filter and --tags flags to add the env=public tag to all HTTP (No Auth) type-websites:

$ sdm admin websites update --filter 'type:httpnoauth' --tags 'env=public'
changed 4 out of 4 matching datasources

To check that the env=public tag has been applied to the correct websites, you can filter for all websites with the type httpnoauth, as in the following example:

$ sdm admin websites list --filter 'type:httpnoauth'
Website ID              Name                    Type           Tags
rs-3b34c199bef73d19     google                  httpNoAuth     env=public
rs-000000000004682d     ksql control center     httpNoAuth     env=public
rs-4d1c88780405f0ad     potato                  httpNoAuth     env=public
rs-000000000004d17f     support kibana          httpNoAuth     env=public

Delete multiple resources

You can use the --filter flag to delete a group of the same resources that have something in common. The filter specifies what they have in common, such as an assigned tag or the resource type.

In the example shown, the --filter flag is used to delete all the websites that are tagged with env=public.

$ sdm admin websites delete --filter 'tags:env=public' --apply
deleted 4 datasources

JSON Filters

For larger or more complex search queries, you can use a JSON file to define your list of filters. Commands that point to JSON files use the --filter-json flag instead of --filter.

Example:

sdm admin datasources list --filter-json <PATH_TO_JSON_FILE>

Let’s say that you want to list a specific datasource and all PostgreSQL datasources that have been assigned the region=EU tag. Your command includes the --filter-json flag and the path to the JSON filter file:

sdm admin datasources list --filter-json /Users/alice.glick/Documents/example.json

The JSON filter file includes several filter parameters and their values, as in the following example:

[
    {
        "ids": [
            "rs-0835300a78ea36a0"
        ]
    },
    {
        "type": "postgres",
        "tags": {
            "region": "EU"
        }
    }
]

Note that the JSON-based filter is the union of filters, whose attributes are additive. In this example, results of the filter file are the union of one datasource (id = rs-0835300a78ea36a0) and all datasources whose type is postgres and contain the region=EU tag.

Filters Help

You can use the --filters-help option with any CLI command that has filters to show all possible filters and usage examples. This option enables you to see filters with proper syntax, in context, without leaving the CLI. The --filters-help option is supported for all CLI commands that have the --filter option.

The output varies based on entity type. In the example shown, sdm admin datasources list --filters-help returns all possible filters that can be used to filter a list of datasources.

Example:

$ sdm admin datasources list --filters-help
Filters:
assigned                    true
bindAddress                 127.0.0.1:2022
bindInterface               127.0.0.1
discoveryEnabled            true
hasRequest                  true
healthy                     true
hostname                    www.example.com
http_subdomain              internalsite
id                          rs-e1b2
identity_enabled            true
identity_set_id             ig-e1b2
inPeeringGroup              true
lockStatus                  locked
name                        dev-db2
port                        5432
port_override               15432
secretStoreId               se-e1b2
tags                        k=v
type                        postgres
userAccess                  available
username                    admin
vnmMode                     true
workflow                    aw-e1b2

Filter Parameters by Entity

Fields available to filter on vary by entity type. This section describes all possible filter parameters for the following entity types:

  • Access requests
  • Accounts (users and services)
  • Activities
  • Healthchecks
  • Nodes (gateways and relays)
  • Queries
  • Permissions (account resources)
  • Resources (clouds, clusters, datasources, servers, websites)
  • Roles
  • Workflows (including workflow approvers, workflow assignments, and workflow roles)

Supported data types for filter values

Data typeDescription
BooleanTrue or false values, including true, false, t, f, 1, and 0
DatetimeSeries of values representing the date (year, month, day) and time (hours, minutes, seconds)
EmailText values that are properly formatted email addresses
IPSupports IPv4 address with or without port
KVPKey-value pair in the format title=value
StringAny non-null value
URLData that follows the pattern of a URL

Access requests

FieldDescriptionValue typeUsage example
accountAccount ID of the user requesting access to the resourceStringsdm access requests --filter 'account:aq-e1b2'
assignedResources assigned (true) or unassigned (false) to a workflowBooleansdm access catalog --filter 'assigned:true'
bindAddressIP address to which the resource is bound, and port, in the 127.0.0.1 to 127.255.255.254 IP address range; default is 127.0.0.1IPsdm access catalog --filter 'bindAddress:127.0.0.1:2022'
bindInterfaceIP address to which the resource is bound, in the 127.0.0.1 to 127.255.255.254 IP address range; default is 127.0.0.1IPsdm access catalog --filter 'bindInterface:127.0.0.1'
hasRequestResources that users have requested to access (true) or not (false)Booleansdm access catalog --filter 'hasRequest:true'
healthyHealth status of the resource being requested to accessBooleansdm access catalog --filter 'healthy:false'
hostnameHostname of the resource; for websites, the URL of the websiteURLsdm access catalog --filter 'hostname:www.example.com'
http_subdomainOrganization’s web domain valueStringsdm access catalog --filter 'http_subdomain:internalsite'
idID of the resourceStringsdm access catalog --filter 'id:rs-e1b2'
identity_enabledMethod of authentication for the resource, either Identity Aliases (true) or leased credentials (false)Booleansdm access catalog --filter 'identity_enabled:true'
identity_set_idID of the Identity Set, if the resource’s method of authentication is set to Identity AliasesStringsdm access catalog --filter 'identity_set_id:ig-e1b2'
inPeeringGroupResources that are attached to a peering group (true) or unattached to a peering group (false)Booleansdm access catalog --filter 'inPeeringGroup:true'
lockStatusLock status of the resource (locked or unlocked)Stringsdm access catalog --filter 'lockStatus:locked'
nameName of the resourceStringsdm access catalog --filter 'name:dev-db2'
portPort numberNumbersdm access catalog --filter 'port:5432'
port_overridePort override to which the resource is boundNumbersdm access catalog --filter 'port_override:15432'
requestRequested account or resource nameStringsdm access requests --filter 'request:redis'
secretStoreIdSecret store identifier for the resource; use sdm admin secretstores list to get itStringsdm access catalog --filter 'secretStoreId:se-e1b2'
statusStatus of the request to access the resource (pending, approved, denied, canceled, or timed out)Stringsdm access requests --filter 'status:"timed out"'
submittedAfterDate/time after the request to access the resource was submittedStringsdm access requests --filter 'submittedAfter:2024-01-01T12:00:00Z'
submittedBeforeDate/time before the request to access the resource was submittedStringsdm access requests --filter 'submittedBefore:2024-01-01T12:00:00Z'
tagsResource tags assigned to the resourceKVPsdm access catalog --filter 'tags:k=v'
targetResource ID of the target resourceStringsdm access requests --filter 'target:rs-e1b2'
typeSpecific type of resource (for example, sshCert, redis, and so forth)Stringsdm access catalog --filter 'type:postgres'
userAccessResources available for users to request access to themStringsdm access catalog --filter 'userAccess:available'
usernameUsername to be used for authentication to the resourceStringsdm access catalog --filter 'username:admin'
vnmModeResources that are configured to use Virtual Networking Mode (true) or not (false)Booleansdm access catalog --filter 'vnmMode:true'
workflowWorkflow ID of the workflow to which the resource is assignedStringsdm access catalog --filter 'workflow:aw-e1b2'

Accounts - users and service accounts

FieldDescriptionValue typeUsage example
activeUsers who have (true) or have not (false) actively used StrongDM in the last 90 daysBooleansdm admin users list --filter 'active:false'
approverUsers who have the ability to approve requests for workflowsBooleansdm admin users list --filter 'approver:true'
emailUser’s email addressEmailsdm admin users list --filter 'email:alice.glick@strongdm.com'
firstNameUser’s first nameStringsdm admin users list --filter 'firstName:alice'
fullNameUser’s full name (first and last) or the service account’s nameStringsdm admin services list --filter 'fullName:*Service
hasRequestUsers who have (true) or have not (false) requested access to resourcesBooleansdm admin users list --filter 'hasRequest:true'
hasTemporaryAccessUsers who have temporary access to resourcesBooleansdm admin users list --filter 'hasTemporaryAccess:true'
idUser IDStringsdm admin users list --filter 'id:a-005c9fd06213dba8'
inNoRolesUsers who have no assigned roleBooleansdm admin users list --filter 'inNoRoles:true'
lastNameUser’s last nameStringsdm admin users list --filter 'lastName:glick'
lockedUsers who are locked out or not from StrongDMBooleansdm admin users list --filter 'locked:true'
managedUsers who are managed and provisioned by StrongDM (false) or managed and provisioned by a third-party identity provider (true) such as OktaBooleansdm admin users list --filter 'managed:false'
newUsers who have been created but not yet logged inBooleansdm admin users list --filter 'new:true'
permissionLevelUser’s permission level (admin, admin-token, auditor, database-admin, multi-team-leader, relay, service, suspended, scim-token, or user)Stringsdm admin users list --filter 'permissionLevel:database-admin'
roleIDRole IDStringsdm admin users list --filter 'roleID:r-e1b2'
suspendedUser’s statusBooleansdm admin users list --filter 'suspended:true'
tagsTags assigned to the user; supports wildcards (*); tag values containing commas must be inside quotesKVPsdm admin users list --filter 'tags:region="useast,uswest"'
typeType of account (user or service)Stringsdm admin users list --filter 'type:user'
workflowIDsReturns all accounts that are assigned as explicit approvers for any of the provided workflowIDsStringsdm admin users list --filter 'workflowIDs:aw-e1b2'

Activities

FieldDescriptionValue typeUsage example
actor_idUser or service account IDStringsdm audit activities --filter 'actor_id:a-e1b2'
afterActivities logged after the specified date and timeDatetimesdm audit activities --filter 'after:2024-01-01T12:00:00Z'
beforeActivities logged before the specified date and timeDatetimesdm audit activities --filter 'before:2024-01-01T12:00:00Z'
contentActivity log contentsStringsdm audit activities --filter 'content:user addded or something detailed happened'
descriptionActivity log descriptionStringsdm audit activities --filter 'description:something detailed happened'
idActivity log identifierStringsdm audit activities --filter 'id:at-e1b2'
ipIP address of the userIPsdm audit activities --filter 'ip:127.0.0.1'
verbShort string that can be used to filter or group activities by the action that is being takenStringsdm audit activities --filter 'verb:user added'

Healthchecks

FieldDescriptionValue typeUsage example
healthyHealthy status of a node or resourceBooleansdm healthchecks list --filter 'healthy:false'
nodeIdID of the gateway or relayStringsdm healthchecks list --filter 'nodeId:n-e1b2'
nodeNameName of the gateway or relayStringsdm healthchecks list --filter 'nodeName:sdmNode14'
resourceIDResource IDStringsdm healthchecks list --filter 'resourceID:r-e1b2'
resourceNameResource nameStringsdm healthchecks list --filter 'resourceName:database123'

Nodes - gateways and relays

FieldDescriptionValue typeUsage example
bindaddrBind address; note that this parameter is only for gatewaysIPsdm admin nodes list gateways --filter 'bindaddr:0.0.0.0:5000'
idID of the gateway or relayStringsdm admin nodes list --filter 'id:n-123abc4d567e89fg'
listenaddrIP or host address that the gateway listens on; this parameter is only for gateways, as relays do not listen for client connectionsIP, URLsdm admin gateways --filter 'listenaddr:ec2-1-23-456-78.compute-1.amazonaws.com:5000'
nameName of the gateway or relayStringsdm admin nodes list --filter 'name:docs'
onlineStatus of the gateway or relayBooleansdm admin nodes list --filter 'online:false'
tagsResource tags assigned to the gateway or relayKVPsdm admin nodes list --filter 'tag:env=dev'
typeNode type (gateway or relay)Stringsdm admin nodes list --filter 'type:relay'

Permissions

FieldDescriptionValue typeUsage example
account_grant_idAccount grant IDStringsdm audit permissions --filter 'account_grant_id:ag-e1b2'
account_idUser or service account IDStringsdm audit permissions --filter 'account_id:a-e1b2'
granted_afterPermissions granted after the specified date and timeDatetimesdm audit permissions --filter 'granted_after:2024-01-01T12:00:00Z'
granted_beforePermissions granted before the specified date and timeDatetimesdm audit permissions --filter 'granted_before:2024-01-01T12:00:00Z'
resource_idResource IDStringsdm audit permissions --filter 'resource_id:rs-e1b2'
role_idRole IDStringsdm audit permissions --filter 'role_id:r-e1b2'

Queries

FieldDescriptionValue typeUsage example
accountAccount name or emailString or emailsdm audit queries --filter 'account:alice.glick'
account_idAccount IDStringsdm audit queries --filter 'account_id:a-e1b2'
afterQueries logged after the specified date and timeDatetimesdm audit queries --filter 'after:2024-01-01T12:00:00Z'
beforeQueries logged before the specified date and timeDatetimesdm audit queries --filter 'before:2024-01-01T12:00:00Z'
emailUser’s email addressEmailsdm audit queries --filter 'email:a@b.com'
encryptedEncryption status of the queryBooleansdm audit queries --filter 'encrypted:true'
firstNameUser’s first nameStringsdm audit queries --filter 'firstName:Bob'
idQuery identifierStringsdm audit queries --filter 'id:0asb124dsac'
lastNameUser’s last nameStringsdm audit queries --filter 'lastName:Belcher'
queryQuery executed by the userStringsdm audit queries --filter 'query:select * from users'
query_categoryResource category for the queryStringsdm audit queries --filter 'query_category:cluster'
resource_idResource IDStringsdm audit queries --filter 'resource_id:r-e1b2'
resource_nameResource nameStringsdm audit queries --filter 'resource_name:dev-db2'
resource_typeResource typeStringsdm audit queries --filter 'resource_type:postgres'

Resources - clouds, clusters, datasources, servers, websites

FieldDescriptionValue typeUsage example
assignedResources that are assigned to a workflowBooleansdm admin datasources list --filter 'assigned:true'
bindAddressIP address to which the resource is bound, and port, in the 127.0.0.1 to 127.255.255.254 IP address range; default is 127.0.0.1IPsdm admin datasources list --filter 'bindAddress:127.0.0.1:2022'
bindInterfaceIP address to which the resource is bound, in the 127.0.0.1 to 127.255.255.254 IP address range; default is 127.0.0.1IPsdm admin datasources list --filter 'bindInterface:127.0.0.1'
hasRequestResources that users have requested to accessBooleansdm admin servers list --filter 'hasRequest:true'
healthyHealth status of the resourceBooleansdm admin datasources list --filter 'healthy:false'
hostnameHostname of the resource; for websites, the URL of the websiteURLsdm admin datasources list --filter 'hostname:example-host.com'
httpsubdomainOrganization’s web domain valueStringsdm admin datasources list --filter 'httpsubdomain:education-team'
idID of the resourceStringsdm admin datasources list --filter 'id:rs-058a6582617b2c95'
identity_enabledMethod of authentication for the resource, either Identity Aliases (true) or leased credentials (false)Booleansdm admin servers list --filter 'identity_enabled:true'
identity_set_idID of the Identity Set, if the resource’s method of authentication is set to Identity AliasesStringsdm admin servers list --filter 'identity_set_id:ig-e1b2'
nameName of the resourceStringsdm admin datasources list --filter 'name:ExampleResourceName'
portPort numberNumbersdm admin datasources list --filter 'port:27017'
portoverridePort override to which the resource is boundNumbersdm admin datasources list --filter 'portoverride:1234'
secretStoreIdSecret store identifier for the resource; use sdm admin secretstores list to get itStringsdm admin clouds list --filter 'secretStoreId:se-1a2b3cd45678e9f1'
tagsResource tags assigned to the resourceKVPsdm admin datasources list --filter 'tag:env=dev'
typeSpecific type of resource (for example, sshCert, redis, and so forth)Stringsdm admin datasources list --filter 'type:redis'
usernameUsername to be used for authentication to the resourceStringsdm admin datasources list --filter 'username:admin'

Roles

FieldDescriptionValue typeUsage example
assignedRoles assigned (true) or unassigned (false) to an accountBooleansdm admin roles list --filter 'assigned:false'
idRole IDStringsdm admin roles list --filter 'id:r-449dd90f60f610d7'
managedRoles (groups) that are managed and provisioned by StrongDM (false) or managed and provisioned by a third-party identity provider (true) such as OktaBooleansdm admin roles list --filter 'managed:false'
nameName of the roleStringsdm admin roles list --filter 'name:Docs'
tagsTags assigned to the roleKVPsdm admin roles update 'Test Role' --tags 'env=dev'
workflowWorkflow ID of the workflow to which the role is assignedStringsdm access catalog --filter 'workflow:aw-e1b2'

Workflows, workflow-approvers, workflow-assignments, workflow-roles

FieldDescriptionValue typeUsage example
accountAccount ID of the userStringsdm admin workflows list workflow-approvers --filter 'account:a-e1b2'
autograntApproval criteria for the workflow, either automatic approval (true) or manual approval (false)Booleansdm admin workflows list workflows --filter 'autogrant:true'
enabledStatus of workflow (enabled or disabled)Booleansdm admin workflows list workflows --filter 'enabled:true'
idWorkflow IDStringsdm admin workflows list workflows --filter 'id:aw-e1b2'
nameName of workflowStringsdm admin workflows list workflows --filter 'name:mysql-dev'
resourceResource IDStringsdm admin workflows list workflow-assignments --filter 'resource:rs-e1b2'
roleRole IDStringsdm admin workflows list workflow-roles --filter 'role:r-e1b2'
workflowWorkflow IDStringsdm admin workflows list workflow-approvers --filter 'workflow:aw-e1b2'

Potential Resource Type Values

This section provides the accepted values for each resource type.

Datasources

This table provides the values for each datasource type.

Datasource typeValue
Amazon ESamazones
Amazon MQ (AMQP 0.9.1)amazonmq-amqp-091
Athenaathena
Aurora MySQLaurora-mysql
Aurora PostgreSQLaurora-postgres
Aurora PostgreSQL (IAM)aurorapostgresiam
Azure Database for MySQLazuremysql
Azure Database for PostgreSQLazurepostgres
Azure PostgreSQL (Managed Identity)azurepostgresmanagedidentity
BigQuerybigquery
Cassandracassandra
Cituscitus
Clustrixclustrix
CockroachDBcockroach
Db2idb2i
Db2 LUWdb2luw
DocumentDB (replica set)documentdbreplicaset
DocumentDB (single host)documentdbhost
Druiddruid
DynamoDBdynamo
ElastiCache Redisecredis
Elasticsearchelastic
Greenplumgreenplum
Mariamaria
Memcachedmemcached
MemSQLmemsql
Microsoft SQL Servermssql
Microsoft SQL Server (Azure AD)mssqlAzureAD
Microsoft SQL Server (Kerberos)mssqlKerberos
MongoDB (replica set)mongo-replicaset
MongoDB (sharded cluster)mongoshardedcluster
MongoDB (single host)mongo
MySQLmysql
Neptuneneptune
Neptune (IAM)neptuneiam
Oracleoracle
PostgreSQLpostgres
PostgreSQL (mTLS)mTLSPostgres
Prestopresto
RabbitMQ (AMQP 0.9.1)rabbitmq-amqp-091
RDS PostgreSQL (IAM)rdspostgresiam
Redisredis
Redshiftredshift
SingleStoresinglestore
Snowflakesnowflake
Sybase ASEsybase
Sybase IQsybase-iq, sybaseiq
Teradatateradata

Servers

This table provides the values for each server type.

Server typeValue
RDPrdp
RDP (Certificate Based)rdp-cert, rdpCert
SSH (Public Key)ssh
SSH (Certificate Based)ssh-cert, sshCert
SSH (Customer Managed Key)ssh-customer-key
TCPrawtcp

Clusters

This table provides the values for each cluster type.

Cluster typeValue
AKSaks
AKS (Service Account)aks-service, aksservice
AKS (Service Account - User Impersonation)aks-service-ui, aksserviceui
AKS (User Impersonation)aks-ui
Elastic Kubernetes Serviceamazon-eks, amazoneks, eks
Elastic Kubernetes Service (instance profile)amazon-eks-instance-profile, amazoneksinstanceprofile, eks-instance-profile
Elastic Kubernetes Service (User Impersonation)amazon-eks-ui, amazoneksui, eksui
Elastic Kubernetes Service (instance profile - User Impersonation)amazon-eks-instance-profile-ui, amazoneksinstanceprofileui, eks-instance-profile-ui
Google Kubernetes Enginegke
Google Kubernetes Engine (User Impersonation)gke-ui
Kubernetesk8s, kubernetes
Kubernetes (Service Account)k8s-service, k8sservice
Kubernetes (Service Account - User Impersonation)k8s-service-ui, k8sserviceui
Kubernetes (User Impersonation)k8s-ui, kubernetesui

Clouds

This table provides the values for each cloud type.

Cloud typeValue
AWSaws
AWS Management ConsoleawsConsole
AWS Management Console (Static key pair)awsConsoleStaticKeyPair
Azure (Certificate)azurecert
Azure (Password)azure
GCPgcp
Snowsight (Snowflake Web Console)snowsight

Websites

This table provides the values for each website type.

Website typeValue
HTTPhttp, httpNoAuth, http-no-auth
HTTP Basic Authhttp-basic, httpBasic, basicauth
HTTP Custom Authhttp-header-auth, headerauth
Top