Module guardduty
@pulumi/aws > guardduty
Index ▹
class Detector
extends CustomResource
Provides a resource to manage a GuardDuty detector.
NOTE: Deleting this resource is equivalent to “disabling” GuardDuty for an AWS region, which removes all existing findings. You can set the
enable
attribute tofalse
to instead “suspend” monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myDetector = new aws.guardduty.Detector("MyDetector", {
enable: true,
findingPublishingFrequency: "SIX_HOURS",
});
constructor
new Detector(name: string, args?: DetectorArgs, opts?: pulumi.CustomResourceOptions)
Create a Detector resource with the given unique name, arguments, and options.
name
The unique name of the resource.args
The arguments to use to populate this resource's properties.opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DetectorState, opts?: pulumi.CustomResourceOptions): Detector
Get an existing Detector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
method isInstance
static isInstance(obj: any): boolean
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property accountId
public accountId: pulumi.Output<string>;
The AWS account ID of the GuardDuty detector
property enable
public enable: pulumi.Output<boolean | undefined>;
Enable monitoring and feedback reporting. Setting to false
is equivalent to “suspending” GuardDuty. Defaults to true
.
property findingPublishingFrequency
public findingPublishingFrequency: pulumi.Output<string | undefined>;
Specifies the frequency of notifications sent for subsequent finding occurrences. Valid values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
. Default: SIX_HOURS
. See AWS Documentation for more information.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property urn
class IPSet
extends CustomResource
Provides a resource to manage a GuardDuty IPSet.
Note: Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const master = new aws.guardduty.Detector("master", {
enable: true,
});
const bucket = new aws.s3.Bucket("bucket", {
acl: "private",
});
const myIPSetBucketObject = new aws.s3.BucketObject("MyIPSet", {
acl: "public-read",
bucket: bucket.id,
content: "10.0.0.0/8\n",
key: "MyIPSet",
});
const myIPSetIPSet = new aws.guardduty.IPSet("MyIPSet", {
activate: true,
detectorId: master.id,
format: "TXT",
location: pulumi.all([myIPSetBucketObject.bucket, myIPSetBucketObject.key]).apply(([bucket, key]) => `https://s3.amazonaws.com/${bucket}/${key}`),
});
constructor
new IPSet(name: string, args: IPSetArgs, opts?: pulumi.CustomResourceOptions)
Create a IPSet resource with the given unique name, arguments, and options.
name
The unique name of the resource.args
The arguments to use to populate this resource's properties.opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IPSetState, opts?: pulumi.CustomResourceOptions): IPSet
Get an existing IPSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
method isInstance
static isInstance(obj: any): boolean
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property activate
public activate: pulumi.Output<boolean>;
Specifies whether GuardDuty is to start using the uploaded IPSet.
property detectorId
public detectorId: pulumi.Output<string>;
The detector ID of the GuardDuty.
property format
public format: pulumi.Output<string>;
The format of the file that contains the IPSet. Valid values: TXT |
STIX |
OTX_CSV |
ALIEN_VAULT |
PROOF_POINT |
FIRE_EYE |
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property location
public location: pulumi.Output<string>;
The URI of the file that contains the IPSet.
property name
public name: pulumi.Output<string>;
The friendly name to identify the IPSet.
property urn
class Member
extends CustomResource
Provides a resource to manage a GuardDuty member.
NOTE: Currently after using this resource, you must manually accept member account invitations before GuardDuty will begin sending cross-account events. More information for how to accomplish this via the AWS Console or API can be found in the GuardDuty User Guide. Terraform implementation of the member acceptance resource can be tracked in Github.
constructor
new Member(name: string, args: MemberArgs, opts?: pulumi.CustomResourceOptions)
Create a Member resource with the given unique name, arguments, and options.
name
The unique name of the resource.args
The arguments to use to populate this resource's properties.opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MemberState, opts?: pulumi.CustomResourceOptions): Member
Get an existing Member resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
method isInstance
static isInstance(obj: any): boolean
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property accountId
public accountId: pulumi.Output<string>;
AWS account ID for member account.
property detectorId
public detectorId: pulumi.Output<string>;
The detector ID of the GuardDuty account where you want to create member accounts.
property disableEmailNotification
public disableEmailNotification: pulumi.Output<boolean | undefined>;
Boolean whether an email notification is sent to the accounts. Defaults to false
.
property email
public email: pulumi.Output<string>;
Email address for member account.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property invitationMessage
public invitationMessage: pulumi.Output<string | undefined>;
Message for invitation.
property invite
public invite: pulumi.Output<boolean | undefined>;
Boolean whether to invite the account to GuardDuty as a member. Defaults to false
. To detect if an invitation needs to be (re-)sent, the Terraform state value is true
based on a relationship_status
of Disabled
, Enabled
, Invited
, or EmailVerificationInProgress
.
property relationshipStatus
public relationshipStatus: pulumi.Output<string>;
The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.
property urn
class ThreatIntelSet
extends CustomResource
Provides a resource to manage a GuardDuty ThreatIntelSet.
Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const master = new aws.guardduty.Detector("master", {
enable: true,
});
const bucket = new aws.s3.Bucket("bucket", {
acl: "private",
});
const myThreatIntelSetBucketObject = new aws.s3.BucketObject("MyThreatIntelSet", {
acl: "public-read",
bucket: bucket.id,
content: "10.0.0.0/8\n",
key: "MyThreatIntelSet",
});
const myThreatIntelSetThreatIntelSet = new aws.guardduty.ThreatIntelSet("MyThreatIntelSet", {
activate: true,
detectorId: master.id,
format: "TXT",
location: pulumi.all([myThreatIntelSetBucketObject.bucket, myThreatIntelSetBucketObject.key]).apply(([bucket, key]) => `https://s3.amazonaws.com/${bucket}/${key}`),
});
constructor
new ThreatIntelSet(name: string, args: ThreatIntelSetArgs, opts?: pulumi.CustomResourceOptions)
Create a ThreatIntelSet resource with the given unique name, arguments, and options.
name
The unique name of the resource.args
The arguments to use to populate this resource's properties.opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ThreatIntelSetState, opts?: pulumi.CustomResourceOptions): ThreatIntelSet
Get an existing ThreatIntelSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
method isInstance
static isInstance(obj: any): boolean
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property activate
public activate: pulumi.Output<boolean>;
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
property detectorId
public detectorId: pulumi.Output<string>;
The detector ID of the GuardDuty.
property format
public format: pulumi.Output<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT |
STIX |
OTX_CSV |
ALIEN_VAULT |
PROOF_POINT |
FIRE_EYE |
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property location
public location: pulumi.Output<string>;
The URI of the file that contains the ThreatIntelSet.
property name
public name: pulumi.Output<string>;
The friendly name to identify the ThreatIntelSet.
property urn
interface DetectorArgs
The set of arguments for constructing a Detector resource.
property enable
enable?: pulumi.Input<boolean>;
Enable monitoring and feedback reporting. Setting to false
is equivalent to “suspending” GuardDuty. Defaults to true
.
property findingPublishingFrequency
findingPublishingFrequency?: pulumi.Input<string>;
Specifies the frequency of notifications sent for subsequent finding occurrences. Valid values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
. Default: SIX_HOURS
. See AWS Documentation for more information.
interface DetectorState
Input properties used for looking up and filtering Detector resources.
property accountId
accountId?: pulumi.Input<string>;
The AWS account ID of the GuardDuty detector
property enable
enable?: pulumi.Input<boolean>;
Enable monitoring and feedback reporting. Setting to false
is equivalent to “suspending” GuardDuty. Defaults to true
.
property findingPublishingFrequency
findingPublishingFrequency?: pulumi.Input<string>;
Specifies the frequency of notifications sent for subsequent finding occurrences. Valid values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
. Default: SIX_HOURS
. See AWS Documentation for more information.
interface IPSetArgs
The set of arguments for constructing a IPSet resource.
property activate
activate: pulumi.Input<boolean>;
Specifies whether GuardDuty is to start using the uploaded IPSet.
property detectorId
detectorId: pulumi.Input<string>;
The detector ID of the GuardDuty.
property format
format: pulumi.Input<string>;
The format of the file that contains the IPSet. Valid values: TXT |
STIX |
OTX_CSV |
ALIEN_VAULT |
PROOF_POINT |
FIRE_EYE |
property location
location: pulumi.Input<string>;
The URI of the file that contains the IPSet.
property name
name?: pulumi.Input<string>;
The friendly name to identify the IPSet.
interface IPSetState
Input properties used for looking up and filtering IPSet resources.
property activate
activate?: pulumi.Input<boolean>;
Specifies whether GuardDuty is to start using the uploaded IPSet.
property detectorId
detectorId?: pulumi.Input<string>;
The detector ID of the GuardDuty.
property format
format?: pulumi.Input<string>;
The format of the file that contains the IPSet. Valid values: TXT |
STIX |
OTX_CSV |
ALIEN_VAULT |
PROOF_POINT |
FIRE_EYE |
property location
location?: pulumi.Input<string>;
The URI of the file that contains the IPSet.
property name
name?: pulumi.Input<string>;
The friendly name to identify the IPSet.
interface MemberArgs
The set of arguments for constructing a Member resource.
property accountId
accountId: pulumi.Input<string>;
AWS account ID for member account.
property detectorId
detectorId: pulumi.Input<string>;
The detector ID of the GuardDuty account where you want to create member accounts.
property disableEmailNotification
disableEmailNotification?: pulumi.Input<boolean>;
Boolean whether an email notification is sent to the accounts. Defaults to false
.
property email
email: pulumi.Input<string>;
Email address for member account.
property invitationMessage
invitationMessage?: pulumi.Input<string>;
Message for invitation.
property invite
invite?: pulumi.Input<boolean>;
Boolean whether to invite the account to GuardDuty as a member. Defaults to false
. To detect if an invitation needs to be (re-)sent, the Terraform state value is true
based on a relationship_status
of Disabled
, Enabled
, Invited
, or EmailVerificationInProgress
.
interface MemberState
Input properties used for looking up and filtering Member resources.
property accountId
accountId?: pulumi.Input<string>;
AWS account ID for member account.
property detectorId
detectorId?: pulumi.Input<string>;
The detector ID of the GuardDuty account where you want to create member accounts.
property disableEmailNotification
disableEmailNotification?: pulumi.Input<boolean>;
Boolean whether an email notification is sent to the accounts. Defaults to false
.
property email
email?: pulumi.Input<string>;
Email address for member account.
property invitationMessage
invitationMessage?: pulumi.Input<string>;
Message for invitation.
property invite
invite?: pulumi.Input<boolean>;
Boolean whether to invite the account to GuardDuty as a member. Defaults to false
. To detect if an invitation needs to be (re-)sent, the Terraform state value is true
based on a relationship_status
of Disabled
, Enabled
, Invited
, or EmailVerificationInProgress
.
property relationshipStatus
relationshipStatus?: pulumi.Input<string>;
The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.
interface ThreatIntelSetArgs
The set of arguments for constructing a ThreatIntelSet resource.
property activate
activate: pulumi.Input<boolean>;
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
property detectorId
detectorId: pulumi.Input<string>;
The detector ID of the GuardDuty.
property format
format: pulumi.Input<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT |
STIX |
OTX_CSV |
ALIEN_VAULT |
PROOF_POINT |
FIRE_EYE |
property location
location: pulumi.Input<string>;
The URI of the file that contains the ThreatIntelSet.
property name
name?: pulumi.Input<string>;
The friendly name to identify the ThreatIntelSet.
interface ThreatIntelSetState
Input properties used for looking up and filtering ThreatIntelSet resources.
property activate
activate?: pulumi.Input<boolean>;
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
property detectorId
detectorId?: pulumi.Input<string>;
The detector ID of the GuardDuty.
property format
format?: pulumi.Input<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT |
STIX |
OTX_CSV |
ALIEN_VAULT |
PROOF_POINT |
FIRE_EYE |
property location
location?: pulumi.Input<string>;
The URI of the file that contains the ThreatIntelSet.
property name
name?: pulumi.Input<string>;
The friendly name to identify the ThreatIntelSet.