--- title: Generate a new external ID description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > AWS Integration --- # Generate a new external ID{% #generate-a-new-external-id %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ---------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/integration/aws/generate_new_external_id | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/integration/aws/generate_new_external_id | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/integration/aws/generate_new_external_id | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/integration/aws/generate_new_external_id | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/integration/aws/generate_new_external_id | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/integration/aws/generate_new_external_id | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/integration/aws/generate_new_external_id | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/integration/aws/generate_new_external_id | ### Overview Generate a new external ID for AWS role-based authentication. This endpoint requires the `aws_configuration_edit` permission. ### Response {% tab title="200" %} AWS External ID object {% tab title="Model" %} AWS External ID response body. | Parent field | Field | Type | Description | | ------------ | ----------------------------- | ------ | ----------------------------------------------------------------------------- | | | data [*required*] | object | AWS External ID response body. | | data | attributes | object | AWS External ID response body. | | attributes | external_id [*required*] | string | AWS IAM External ID for associated role. | | data | id [*required*] | string | The `AWSNewExternalIDResponseData` `id`. | | data | type [*required*] | enum | The `AWSNewExternalIDResponseData` `type`. Allowed enum values: `external_id` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "external_id": "acb8f6b8a844443dbb726d07dcb1a870" }, "id": "external_id", "type": "external_id" } } ``` {% /tab %} {% /tab %} {% tab title="403" %} Forbidden {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/integration/aws/generate_new_external_id" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ##### ```python """ Generate a new external ID returns "AWS External ID object" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.aws_integration_api import AWSIntegrationApi configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = AWSIntegrationApi(api_client) response = api_instance.create_new_aws_external_id() print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Generate a new external ID returns "AWS External ID object" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::AWSIntegrationAPI.new p api_instance.create_new_aws_external_id() ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // Generate a new external ID returns "AWS External ID object" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewAWSIntegrationApi(apiClient) resp, r, err := api.CreateNewAWSExternalID(ctx) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `AWSIntegrationApi.CreateNewAWSExternalID`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `AWSIntegrationApi.CreateNewAWSExternalID`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Generate a new external ID returns "AWS External ID object" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.AwsIntegrationApi; import com.datadog.api.client.v2.model.AWSNewExternalIDResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); AwsIntegrationApi apiInstance = new AwsIntegrationApi(defaultClient); try { AWSNewExternalIDResponse result = apiInstance.createNewAWSExternalID(); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling AwsIntegrationApi#createNewAWSExternalID"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // Generate a new external ID returns "AWS External ID object" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_aws_integration::AWSIntegrationAPI; #[tokio::main] async fn main() { let configuration = datadog::Configuration::new(); let api = AWSIntegrationAPI::with_config(configuration); let resp = api.create_new_aws_external_id().await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Generate a new external ID returns "AWS External ID object" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.AWSIntegrationApi(configuration); apiInstance .createNewAWSExternalID() .then((data: v2.AWSNewExternalIDResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %} {% tab title="v1" %} | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------------------- | | ap1.datadoghq.com | PUT https://api.ap1.datadoghq.com/api/v1/integration/aws/generate_new_external_id | | ap2.datadoghq.com | PUT https://api.ap2.datadoghq.com/api/v1/integration/aws/generate_new_external_id | | app.datadoghq.eu | PUT https://api.datadoghq.eu/api/v1/integration/aws/generate_new_external_id | | app.ddog-gov.com | PUT https://api.ddog-gov.com/api/v1/integration/aws/generate_new_external_id | | us2.ddog-gov.com | PUT https://api.us2.ddog-gov.com/api/v1/integration/aws/generate_new_external_id | | app.datadoghq.com | PUT https://api.datadoghq.com/api/v1/integration/aws/generate_new_external_id | | us3.datadoghq.com | PUT https://api.us3.datadoghq.com/api/v1/integration/aws/generate_new_external_id | | us5.datadoghq.com | PUT https://api.us5.datadoghq.com/api/v1/integration/aws/generate_new_external_id | ### Overview **This endpoint is deprecated - use the V2 endpoints instead.** Generate a new AWS external ID for a given AWS account ID and role name pair. This endpoint requires the `aws_configuration_edit` permission. ### Request #### Body Data (required) Your Datadog role delegation name. For more information about your AWS account Role name, see the [Datadog AWS integration configuration info](https://docs.datadoghq.com/integrations/amazon_web_services.md#setup). {% tab title="Model" %} | Parent field | Field | Type | Description | | -------------------- | ------------------------------------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | access_key_id | string | Your AWS access key ID. Only required if your AWS account is a GovCloud or China account. | | | account_id | string | Your AWS Account ID without dashes. | | | account_specific_namespace_rules | object | An object (in the form `{"namespace1":true/false, "namespace2":true/false}`) containing user-supplied overrides for AWS namespace metric collection. **Important**: This field only contains namespaces explicitly configured through API calls, not the comprehensive enabled or disabled status of all namespaces. If a namespace is absent from this field, it uses Datadog's internal defaults (all namespaces enabled by default, except `AWS/SQS`, `AWS/ElasticMapReduce`, and `AWS/Usage`). For a complete view of all namespace statuses, use the V2 AWS Integration API instead. | | additionalProperties | | boolean | A list of additional properties. | | | cspm_resource_collection_enabled | boolean | Whether Datadog collects cloud security posture management resources from your AWS account. This includes additional resources not covered under the general `resource_collection`. | | | excluded_regions | [string] | An array of [AWS regions](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints) to exclude from metrics collection. | | | extended_resource_collection_enabled | boolean | Whether Datadog collects additional attributes and configuration information about the resources in your AWS account. Required for `cspm_resource_collection`. | | | filter_tags | [string] | The array of EC2 tags (in the form `key:value`) defines a filter that Datadog uses when collecting metrics from EC2. Wildcards, such as `?` (for single characters) and `*` (for multiple characters) can also be used. Only hosts that match one of the defined tags will be imported into Datadog. The rest will be ignored. Host matching a given tag can also be excluded by adding `!` before the tag. For example, `env:production,instance-type:c1.*,!region:us-east-1` | | | host_tags | [string] | Array of tags (in the form `key:value`) to add to all hosts and metrics reporting through this integration. | | | metrics_collection_enabled | boolean | Whether Datadog collects metrics for this AWS account. | | | resource_collection_enabled | boolean | **DEPRECATED**: Deprecated in favor of 'extended_resource_collection_enabled'. Whether Datadog collects a standard set of resources from your AWS account. | | | role_name | string | Your Datadog role delegation name. | | | secret_access_key | string | Your AWS secret access key. Only required if your AWS account is a GovCloud or China account. | {% /tab %} {% tab title="Example" %} ```json { "access_key_id": "string", "account_id": "123456789012", "account_specific_namespace_rules": { "": false }, "cspm_resource_collection_enabled": true, "excluded_regions": [ "us-east-1", "us-west-2" ], "extended_resource_collection_enabled": true, "filter_tags": [ "$KEY:$VALUE" ], "host_tags": [ "$KEY:$VALUE" ], "metrics_collection_enabled": false, "resource_collection_enabled": true, "role_name": "DatadogAWSIntegrationRole", "secret_access_key": "string" } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} The Response returned by the AWS Create Account call. | Field | Type | Description | | ----------- | ------ | ---------------- | | external_id | string | AWS external_id. | {% /tab %} {% tab title="Example" %} ```json { "external_id": "string" } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Authentication Error {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X PUT "https://api.datadoghq.com/api/v1/integration/aws/generate_new_external_id" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "account_id": "123456789012", "role_name": "DatadogAWSIntegrationRole" } EOF ##### ```python """ Generate a new external ID returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v1.api.aws_integration_api import AWSIntegrationApi from datadog_api_client.v1.model.aws_account import AWSAccount body = AWSAccount( account_id="123456789012", account_specific_namespace_rules=dict( auto_scaling=False, opswork=False, ), cspm_resource_collection_enabled=True, excluded_regions=[ "us-east-1", "us-west-2", ], extended_resource_collection_enabled=True, filter_tags=[ "$KEY:$VALUE", ], host_tags=[ "$KEY:$VALUE", ], metrics_collection_enabled=False, resource_collection_enabled=True, role_name="DatadogAWSIntegrationRole", ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = AWSIntegrationApi(api_client) response = api_instance.create_new_aws_external_id(body=body) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Generate a new external ID returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V1::AWSIntegrationAPI.new body = DatadogAPIClient::V1::AWSAccount.new({ account_id: "123456789012", account_specific_namespace_rules: { auto_scaling: false, opswork: false, }, cspm_resource_collection_enabled: true, excluded_regions: [ "us-east-1", "us-west-2", ], extended_resource_collection_enabled: true, filter_tags: [ "$KEY:$VALUE", ], host_tags: [ "$KEY:$VALUE", ], metrics_collection_enabled: false, resource_collection_enabled: true, role_name: "DatadogAWSIntegrationRole", }) p api_instance.create_new_aws_external_id(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // Generate a new external ID returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV1" ) func main() { body := datadogV1.AWSAccount{ AccountId: datadog.PtrString("123456789012"), AccountSpecificNamespaceRules: map[string]bool{ "auto_scaling": false, "opswork": false, }, CspmResourceCollectionEnabled: datadog.PtrBool(true), ExcludedRegions: []string{ "us-east-1", "us-west-2", }, ExtendedResourceCollectionEnabled: datadog.PtrBool(true), FilterTags: []string{ "$KEY:$VALUE", }, HostTags: []string{ "$KEY:$VALUE", }, MetricsCollectionEnabled: datadog.PtrBool(false), ResourceCollectionEnabled: datadog.PtrBool(true), RoleName: datadog.PtrString("DatadogAWSIntegrationRole"), } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV1.NewAWSIntegrationApi(apiClient) resp, r, err := api.CreateNewAWSExternalID(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `AWSIntegrationApi.CreateNewAWSExternalID`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `AWSIntegrationApi.CreateNewAWSExternalID`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Generate a new external ID returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v1.api.AwsIntegrationApi; import com.datadog.api.client.v1.model.AWSAccount; import com.datadog.api.client.v1.model.AWSAccountCreateResponse; import java.util.Arrays; import java.util.Collections; import java.util.Map; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); AwsIntegrationApi apiInstance = new AwsIntegrationApi(defaultClient); AWSAccount body = new AWSAccount() .accountId("123456789012") .accountSpecificNamespaceRules( Map.ofEntries(Map.entry("auto_scaling", false), Map.entry("opswork", false))) .cspmResourceCollectionEnabled(true) .excludedRegions(Arrays.asList("us-east-1", "us-west-2")) .extendedResourceCollectionEnabled(true) .filterTags(Collections.singletonList("$KEY:$VALUE")) .hostTags(Collections.singletonList("$KEY:$VALUE")) .metricsCollectionEnabled(false) .resourceCollectionEnabled(true) .roleName("DatadogAWSIntegrationRole"); try { AWSAccountCreateResponse result = apiInstance.createNewAWSExternalID(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling AwsIntegrationApi#createNewAWSExternalID"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // Generate a new external ID returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV1::api_aws_integration::AWSIntegrationAPI; use datadog_api_client::datadogV1::model::AWSAccount; use std::collections::BTreeMap; #[tokio::main] async fn main() { let body = AWSAccount::new() .account_id("123456789012".to_string()) .account_specific_namespace_rules(BTreeMap::from([ ("auto_scaling".to_string(), false), ("opswork".to_string(), false), ])) .cspm_resource_collection_enabled(true) .excluded_regions(vec!["us-east-1".to_string(), "us-west-2".to_string()]) .extended_resource_collection_enabled(true) .filter_tags(vec!["$KEY:$VALUE".to_string()]) .host_tags(vec!["$KEY:$VALUE".to_string()]) .metrics_collection_enabled(false) .resource_collection_enabled(true) .role_name("DatadogAWSIntegrationRole".to_string()); let configuration = datadog::Configuration::new(); let api = AWSIntegrationAPI::with_config(configuration); let resp = api.create_new_aws_external_id(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Generate a new external ID returns "OK" response */ import { client, v1 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v1.AWSIntegrationApi(configuration); const params: v1.AWSIntegrationApiCreateNewAWSExternalIDRequest = { body: { accountId: "123456789012", accountSpecificNamespaceRules: { auto_scaling: false, opswork: false, }, cspmResourceCollectionEnabled: true, excludedRegions: ["us-east-1", "us-west-2"], extendedResourceCollectionEnabled: true, filterTags: ["$KEY:$VALUE"], hostTags: ["$KEY:$VALUE"], metricsCollectionEnabled: false, resourceCollectionEnabled: true, roleName: "DatadogAWSIntegrationRole", }, }; apiInstance .createNewAWSExternalID(params) .then((data: v1.AWSAccountCreateResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}