Set Account as "Not a person"
Your various environments will contain "service" accounts that are not owned by any employee. We can set these accounts as "Not a person" so that Vanta will not run any employee-related security tasks against them (for example, policy acceptance or security awareness training completion).
In this example, we will first query for a list of AWS IAM Users to find our service account uid. We use AWS IAM Users here, but this guide will work with any user account from the integrated environments you have connected in your Vanta domain.
query AwsAccountList {
  organization {
    AwsAccountList(first: 2) {
      edges {
        node {
          accountName
          uid
        }
      }
    }
  }
}

{
  "data": {
    "organization": {
      "AwsAccountList": {
        "edges": [
          {
            "node": {
              "accountName": "john-stamos",
              "uid": "eyJkIjoiNWZjODI0MjBhMjI4ZjZiNmY3MiYXJuOmF3czppYW06OjNjA3OTIwODp1W0tY2xpIn0="
            }
          },
          {
            "node": {
              "accountName": "kubernetes-service-account",
              "uid": "eyJkIjoiiLCJ1IjoiYXJuOmF3czppYW06Ojc4Nzg3NjA3OTIwODp1c2VyL3Rlc3QtdXNlciJ9"
            }
          }
        ]
      }
    }
  }
}
Next, we will run a mutation to set the service account as "Not a person". (Note: Make sure to replace our example uid with one that you pulled from your previous query!)
mutation SetAccountAsNotAPerson {
  setFetchedResourceOwnerAsNotAPerson(input: { resources: "eyJkIjoiiLCJ1IjoiYXJuOmF3czppYW06Ojc4Nzg3NjA3OTIwODp1c2VyL3Rlc3QtdXNlciJ9" }) {
    ... on SetFetchedResourceOwnerAsNotAPersonSuccess {
      countChanged
      countFailed
    }
  }
}

{
  "data": {
    "setFetchedResourceOwnerAsNotAPerson": {
      "countChanged": 1,
      "countFailed": 0
    }
  }
}
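Because a "Not a person" account is skipped by the employee security tasks, it helps to script the two steps so that only reviewed service accounts can be marked. The following Python is an added example, not part of Vanta's documentation: it takes the query response shown above, selects uids through an allowlist of account names, builds the mutation text for each, and checks the result. The allowlist and all function names are assumptions, and sending the requests to the API is left out.

```python
import json

# Sample input: the query response shown above (uids as printed on the page).
LIST_RESPONSE = {"data": {"organization": {"AwsAccountList": {"edges": [
    {"node": {"accountName": "john-stamos",
              "uid": "eyJkIjoiNWZjODI0MjBhMjI4ZjZiNmY3MiYXJuOmF3czppYW06OjNjA3OTIwODp1W0tY2xpIn0="}},
    {"node": {"accountName": "kubernetes-service-account",
              "uid": "eyJkIjoiiLCJ1IjoiYXJuOmF3czppYW06Ojc4Nzg3NjA3OTIwODp1c2VyL3Rlc3QtdXNlciJ9"}},
]}}}}

# Assumption: service account names that someone has reviewed and approved.
SERVICE_ACCOUNTS = {"kubernetes-service-account"}

MUTATION = """mutation SetAccountAsNotAPerson {
  setFetchedResourceOwnerAsNotAPerson(input: { resources: %s }) {
    ... on SetFetchedResourceOwnerAsNotAPersonSuccess {
      countChanged
      countFailed
    }
  }
}"""

def select_uids(list_response, allowed_names):
    """Return {accountName: uid} for allowlisted accounts only."""
    edges = list_response["data"]["organization"]["AwsAccountList"]["edges"]
    found = {}
    for edge in edges:
        name, uid = edge["node"]["accountName"], edge["node"]["uid"]
        if name not in allowed_names:
            continue  # never mark an account that was not reviewed
        if name in found:
            raise ValueError(f"ambiguous account name: {name}")
        found[name] = uid
    missing = set(allowed_names) - set(found)
    if missing:  # e.g. the account is beyond the page returned by `first:`
        raise LookupError(f"not in query result: {sorted(missing)}")
    return found

def build_mutations(uids):
    """One mutation document per uid, in the single-uid form shown above."""
    return [MUTATION % json.dumps(uid) for uid in uids]

def verify_result(mutation_response):
    """True only if exactly one account changed and none failed."""
    # A result that is not the Success type yields an empty object here.
    r = mutation_response["data"]["setFetchedResourceOwnerAsNotAPerson"] or {}
    return r.get("countChanged") == 1 and r.get("countFailed") == 0
```
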