Module guardduty

@pulumi/aws > guardduty

Index

guardduty/detector.ts guardduty/iPSet.ts guardduty/member.ts guardduty/threatIntelSet.ts

class Detector

Provides a resource to manage a GuardDuty detector.

~> NOTE: Deleting this resource is equivalent to “disabling” GuardDuty for an AWS region, which removes all existing findings. You can set the enable attribute to false to instead “suspend” monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.

constructor

new Detector(name: string, args?: DetectorArgs, opts?: pulumi.CustomResourceOptions)

Create a Detector resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DetectorState): Detector

Get an existing Detector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

The AWS account ID of the GuardDuty detector

property enable

public enable: pulumi.Output<boolean | undefined>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IPSet

Provides a resource to manage a GuardDuty IPSet.

~> Note: Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

constructor

new IPSet(name: string, args: IPSetArgs, opts?: pulumi.CustomResourceOptions)

Create a IPSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IPSetState): IPSet

Get an existing IPSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty.

property format

public format: pulumi.Output<string>;
The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the file that contains the IPSet.

property name

public name: pulumi.Output<string>;

The friendly name to identify the IPSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Member

Provides a resource to manage a GuardDuty member.

~> NOTE: Currently after using this resource, you must manually accept member account invitations before GuardDuty will begin sending cross-account events. More information for how to accomplish this via the AWS Console or API can be found in the GuardDuty User Guide. Terraform implementation of the member acceptance resource can be tracked in Github.

constructor

new Member(name: string, args: MemberArgs, opts?: pulumi.CustomResourceOptions)

Create a Member resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MemberState): Member

Get an existing Member resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

AWS account ID for member account.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

public disableEmailNotification: pulumi.Output<boolean | undefined>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

public email: pulumi.Output<string>;

Email address for member account.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property invitationMessage

public invitationMessage: pulumi.Output<string | undefined>;

Message for invitation.

property invite

public invite: pulumi.Output<boolean | undefined>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

property relationshipStatus

public relationshipStatus: pulumi.Output<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ThreatIntelSet

Provides a resource to manage a GuardDuty ThreatIntelSet.

~> Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

constructor

new ThreatIntelSet(name: string, args: ThreatIntelSetArgs, opts?: pulumi.CustomResourceOptions)

Create a ThreatIntelSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ThreatIntelSetState): ThreatIntelSet

Get an existing ThreatIntelSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty.

property format

public format: pulumi.Output<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the file that contains the ThreatIntelSet.

property name

public name: pulumi.Output<string>;

The friendly name to identify the ThreatIntelSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface DetectorArgs

The set of arguments for constructing a Detector resource.

property enable

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

interface DetectorState

Input properties used for looking up and filtering Detector resources.

property accountId

accountId?: pulumi.Input<string>;

The AWS account ID of the GuardDuty detector

property enable

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

interface IPSetArgs

The set of arguments for constructing a IPSet resource.

property activate

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format: pulumi.Input<string>;
The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location

location: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface IPSetState

Input properties used for looking up and filtering IPSet resources.

property activate

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format?: pulumi.Input<string>;
The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location

location?: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface MemberArgs

The set of arguments for constructing a Member resource.

property accountId

accountId: pulumi.Input<string>;

AWS account ID for member account.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

disableEmailNotification?: pulumi.Input<boolean>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

email: pulumi.Input<string>;

Email address for member account.

property invitationMessage

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite

invite?: pulumi.Input<boolean>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

interface MemberState

Input properties used for looking up and filtering Member resources.

property accountId

accountId?: pulumi.Input<string>;

AWS account ID for member account.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

disableEmailNotification?: pulumi.Input<boolean>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

email?: pulumi.Input<string>;

Email address for member account.

property invitationMessage

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite

invite?: pulumi.Input<boolean>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

property relationshipStatus

relationshipStatus?: pulumi.Input<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

interface ThreatIntelSetArgs

The set of arguments for constructing a ThreatIntelSet resource.

property activate

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format: pulumi.Input<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location

location: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.

interface ThreatIntelSetState

Input properties used for looking up and filtering ThreatIntelSet resources.

property activate

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format?: pulumi.Input<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location

location?: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.