Skip to main content

Live Resources

DriftWise stores the resources discovered during each cloud scan in a tenant-isolated inventory. The endpoints below let you browse that inventory, request on-demand property enrichment for a single resource, and check a high-level posture summary across every cloud account in your organization.

All routes are org-scoped and require a caller with org membership. Authentication accepts either an API key (dw2_ prefix) or an OIDC JWT via the Authorization: Bearer header.

List live resources

Returns a paginated list of the live resources in an organization, optionally filtered by cloud account.

curl "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/resources?limit=100&offset=0" \
  -H "x-api-key: $DRIFTWISE_API_KEY"

Query parameters

ParameterTypeDefaultDescription
account_idstring (UUID)Filter to a single cloud account. Omit to list resources across every account in the org.
limitinteger100Page size. Capped at 500.
offsetinteger0Pagination offset.

Response

{
  "resources": [
    {
      "id": "resource-uuid",
      "provider_resource_id": "arn:aws:ec2:us-east-1:123456789012:instance/i-0a1b2c3d",
      "provider": "aws",
      "provider_type": "AWS::EC2::Instance",
      "normalized_type": "compute",
      "name": "web-server-prod-01",
      "region": "us-east-1",
      "iac_resource_id": "aws_instance.web_server",
      "status": "live",
      "enrichment_status": "enriched",
      "last_seen_at": "2026-04-12T10:30:00Z"
    }
  ],
  "total": 42,
  "limit": 100,
  "offset": 0
}

provider_type is the cloud-native type string (e.g. AWS::EC2::Instance, compute.googleapis.com/Instance, Microsoft.Compute/virtualMachines). normalized_type is the broad DriftWise resource category used for filtering and risk classification. iac_resource_id is populated when a resource has been matched to a declared IaC resource; it is null otherwise. See Cloud Discovery for the full list of enrichment_status values.

Enrich a resource

Triggers on-demand property fetching for a single resource. Use this when enrichment_status is none or failed and you want fresh properties without waiting for the next scheduled scan.

curl -X POST "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/resources/$RESOURCE_ID/enrich" \
  -H "x-api-key: $DRIFTWISE_API_KEY"

No request body. The response is the same shape as a list entry plus a properties object (the raw, redacted cloud provider payload) and an enrichment_failure_reason field.

Behaviour by provider

  • AWS — calls CloudControl GetResource and stores the resulting property blob after pattern-based scrubbing.
  • GCP and Azure — the discovery APIs already return full properties, so there is no separate enricher. The endpoint force-transitions the resource to enrichment_status = n/a and returns the current row. This is a safe no-op you can call to reconcile a resource that was stuck in failed against a non-enriching provider.

Status codes

StatusWhen
200 OKEnrichment succeeded, or the resource was already enriched / n/a.
400 Bad RequestThe resource's provider field is not registered in the cloud registry.
404 Not FoundResource or cloud account not found in this org.
503 Service UnavailableCloud registry is not configured on the server.

Get posture summary

Returns a one-row-per-cloud-account summary of IaC coverage and undeclared resources. Useful for dashboard widgets and CI gates that need a single-call overview of an org's posture without fetching every resource.

curl "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/posture" \
  -H "x-api-key: $DRIFTWISE_API_KEY"

Response

{
  "org_id": "550e8400-e29b-41d4-a716-446655440000",
  "accounts": [
    {
      "cloud_account_id": "account-uuid",
      "account_name": "production",
      "provider": "aws",
      "coverage_pct": 87.5,
      "risk_level": "high",
      "total_live": 156,
      "undeclared_count": 19
    }
  ]
}
  • coverage_pct is the percentage of live resources that are matched to a declared IaC resource. null until the account has been scanned at least once.
  • risk_level is one of low, medium, high, derived from undeclared resource counts against category-specific thresholds. null before enough data is available.
  • undeclared_count counts live resources with no matching IaC resource — a rough proxy for drift-by-omission.

Accounts are returned in a stable order; consumers should not rely on a specific sort and should key by cloud_account_id.