
cloud_aws_account

This data source provides information about AWS accounts in Falcon.

The following API scopes are required:

  • Cloud security AWS registration: READ
  • Cloud security AWS registration: WRITE
Example usage:

terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}

provider "crowdstrike" {
  cloud = "us-2"
}

# return all registered AWS accounts
data "crowdstrike_cloud_aws_account" "all" {}

# return a specific AWS account
data "crowdstrike_cloud_aws_account" "specific" {
  account_id = "123456789012"
}

# return all accounts associated with an AWS Organization
data "crowdstrike_cloud_aws_account" "org" {
  organization_id = "o-123456789012"
}
Schema:

Optional:

  • account_id (String) Filter the results to a specific AWS Account ID. When both account_id and organization_id are specified, only accounts matching both are returned
  • organization_id (String) Filter the results to accounts within a specific AWS Organization. When both account_id and organization_id are specified, only accounts matching both are returned

Nested schema for each returned account:

Optional:

  • resource_name_prefix (String) The prefix to be added to all resource names
  • resource_name_suffix (String) The suffix to be added to all resource names

Read-Only:

  • account_id (String) The AWS Account ID
  • account_type (String) The AWS account type. Value is 'commercial' for Commercial cloud accounts. For GovCloud environments, value can be either 'commercial' or 'gov' depending on the account type
  • agentless_scanning_role_name (String) The name of the IAM role to be used by CrowdStrike Agentless Scanning (DSPM/Vulnerability scanning). If both a DSPM role and a Vulnerability Scanning role are configured, the DSPM role takes precedence.
  • asset_inventory_enabled (Boolean) Whether asset inventory is enabled
  • cloudtrail_bucket_name (String) The name of the CloudTrail S3 bucket used for real-time visibility
  • cloudtrail_region (String) The AWS region of the CloudTrail bucket
  • dspm_enabled (Boolean) Whether Data Security Posture Management is enabled
  • dspm_role_arn (String) The ARN of the IAM role to be used by CrowdStrike DSPM
  • dspm_role_name (String) The name of the IAM role to be used by CrowdStrike DSPM
  • eventbus_arn (String) The ARN of the Amazon EventBridge used by CrowdStrike to forward messages
  • eventbus_name (String) The name of the Amazon EventBridge used by CrowdStrike to forward messages
  • external_id (String) The external ID used to assume the AWS IAM role
  • iam_role_arn (String) The ARN of the AWS IAM role used to access this AWS account
  • iam_role_name (String) The name of the AWS IAM role used to access this AWS account
  • idp_enabled (Boolean) Whether Identity Protection is enabled
  • intermediate_role_arn (String) The ARN of the intermediate role used to assume the AWS IAM role
  • is_organization_management_account (Boolean) Indicates whether this is the management account (formerly known as the root account) of an AWS Organization
  • organization_id (String) The AWS Organization ID
  • realtime_visibility_enabled (Boolean) Whether real-time visibility is enabled
  • sensor_management_enabled (Boolean) Whether 1-click sensor deployment is enabled
  • target_ous (List of String) The list of AWS Organizational Units (OUs) targeted for this account
  • vulnerability_scanning_enabled (Boolean) Whether Vulnerability Scanning is enabled
  • vulnerability_scanning_role_arn (String) The ARN of the IAM role to be used by CrowdStrike Vulnerability Scanning
  • vulnerability_scanning_role_name (String) The name of the IAM role to be used by CrowdStrike Vulnerability Scanning
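As an added example (not from the provider documentation), the following configuration uses the data source to audit which accounts registered under one AWS Organization lack a given protection, using the read-only attributes listed above. It assumes the matched accounts are exposed as a list attribute named `accounts` (an assumption; the attribute name is not stated on this page), that the organization ID is a constructed sample, and that Terraform 1.5 or newer is used for the `check` block.

```hcl
terraform {
  required_version = ">= 1.5" # check blocks need Terraform 1.5+
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}

provider "crowdstrike" {
  cloud = "us-2"
}

# All accounts registered under one AWS Organization (constructed org ID).
data "crowdstrike_cloud_aws_account" "org" {
  organization_id = "o-123456789012"
}

locals {
  # Assumption: the data source exposes matches as a list attribute `accounts`.
  accounts = data.crowdstrike_cloud_aws_account.org.accounts

  # Account IDs missing each protection, keyed by feature name.
  gaps = {
    realtime_visibility    = [for a in local.accounts : a.account_id if !a.realtime_visibility_enabled]
    identity_protection    = [for a in local.accounts : a.account_id if !a.idp_enabled]
    sensor_management      = [for a in local.accounts : a.account_id if !a.sensor_management_enabled]
    vulnerability_scanning = [for a in local.accounts : a.account_id if !a.vulnerability_scanning_enabled]
  }

  # Real-time visibility relies on a CloudTrail bucket; flag enabled accounts with none recorded.
  rtv_without_trail = [
    for a in local.accounts : a.account_id
    if a.realtime_visibility_enabled && (a.cloudtrail_bucket_name == null || a.cloudtrail_bucket_name == "")
  ]
}

# Emits a warning during plan/apply when coverage gaps exist (check blocks never block changes).
check "aws_org_coverage" {
  assert {
    condition     = alltrue([for feature, ids in local.gaps : length(ids) == 0])
    error_message = "Accounts with disabled protections: ${jsonencode(local.gaps)}"
  }
  assert {
    condition     = length(local.rtv_without_trail) == 0
    error_message = "Real-time visibility enabled without a CloudTrail bucket: ${join(", ", local.rtv_without_trail)}"
  }
}
```

Run `terraform plan` to see the warnings; the same `local.gaps` map can be exported with an `output` block if another pipeline consumes it.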