Skip to main content
vschmitt_FTNT
Staff
vschmitt_FTNT
Staff
February 16, 2026

Technical Tip: Retrieving Cloud Compliance Summary (CIS AWS 1.4) via API

  • February 16, 2026
  • 0 replies
  • 57 views
Description This article describes how to retrieve Cloud Compliance summary metrics for CIS AWS 1.4 via API, ensuring alignment with the summary shown in the UI and PDF report header.
Scope FortiCNAPP (Lacework), users generating CIS AWS 1.4 compliance reports and requiring accurate summary metrics via API.
Solution

Prerequisites:

  • A valid API token with permission to access Reports and ReportConfigurations.

  • An existing report configuration for 'CIS Amazon Web Services Foundations Benchmark v1.4.0' created in the Reports page of the UI.

 

The /api/v2/Reports endpoint may return summary metrics that include duplicate non-compliant resources (for example, the same resource counted once per violating policy), resulting in discrepancies with the UI/PDF report header, which counts distinct resources.

The /api/v2/ReportConfigurations/{reportConfigGuid}/generate endpoint, when used with format=json, returns summary counters that match the UI/PDF report header by counting distinct resources.

The reportConfigGuid is the unique identifier of the report configuration created in the Lacework UI.

To obtain accurate summary metrics:

  1. Create or locate a report configuration for CIS AWS 1.4 in the UI (Reports page).

    • The reportConfigGuid used in the API call is the ID of this configuration (visible in the configuration details or available via the ReportConfigurations API as documented in the API reference).

  2. Use the following API call, replacing placeholders as appropriate:

     
curl -X POST 'https://<youraccount>.lacework.net/api/v2/ReportConfigurations/<reportConfigGuid>/generate?format=json' \ -H 'Authorization: Bearer <your_api_token>'
 

  1. The JSON response will include summary counters (Critical, High, Medium, Low, Info, total policies assessed, non-compliant resources, total resources assessed, excepted resources) that match the PDF report header.

 

Example of a simplified JSON response (truncated for clarity):

 

{ "reportType": "AWS_CIS_14", "reportTitle": "CIS Amazon Web Services Foundations Benchmark v1.4.0", "summary": { "critical": 0, "high": 11, "medium": 19, "low": 3, "info": 0, "totalPoliciesAssessed": 46, "nonCompliantResources": 600, "totalResourcesAssessed": 1907, "exceptedResources": 1 }, "generatedTime": "2025-03-10T06:05:00Z", "details": [ { "policyId": "LW_AWS_CIS_1_1", "severity": "High", "title": "Avoid the use of the root account", "nonCompliantResources": 5, "totalResourcesAssessed": 50 } // ...additional policy entries omitted... ] }

 

This is the recommended and supported method for retrieving PDF-equivalent summary metrics programmatically.

While this article focuses on CIS AWS 1.4, the same approach (using ReportConfigurations/{reportConfigGuid}/generate?format=json) applies to other cloud compliance reports where alignment with the UI/PDF summary is required.
Terms & ConditionsAccessibility statement