Documentation

Architecture & Concepts ▹

Architecture & Concepts ▾

Programming Model

Projects

Stacks

Configuration and Secrets

Organizing Stacks and Projects

How Pulumi Works

State and Backends

Command Line ▹

Command Line ▾

Cancel

Config

Destroy

Logout

Logs

New

Plugin

Preview

Refresh

Stack

State

Update

Teams & Collaboration ▹

Teams & Collaboration ▾

Organizations

Teams

Roles and Access Controls

GitHub App

Pulumi Webhooks

Creating a 'Deploy with Pulumi' Button

Continuous Delivery ▹

Continuous Delivery ▾

AWS Code Services

Azure DevOps

CircleCI

GitHub Actions

GitLab CI

Travis CI

Supported Clouds

Supported Languages ▹

Supported Languages ▾

Node.js

Python

Compared to Others ▹

Compared to Others ▾

Terraform

Cloud Templates

Cloud SDKs

Serverless

Kubernetes YAML

Chef, Puppet, etc.

Custom Solutions

API Reference ▹

API Reference ▾

Node.js

pulumi

aws

aws-infra

aws-serverless

azure

azure-serverless

cloud

cloud-aws

cloud-azure

docker

eks

gcp

kubernetes

openstack

vsphere

f5bigip

packet

Python

pulumi

pulumi_aws

pulumi_azure

pulumi_gcp

pulumi_kubernetes

pulumi_random

pulumi_openstack

pulumi_f5bigip

FAQ

Changelog

Troubleshooting & Support

Edit This Page

Module guardduty

@pulumi/aws > guardduty

Index ▹

guardduty/detector.ts guardduty/iPSet.ts guardduty/member.ts guardduty/threatIntelSet.ts

class Detector

extends CustomResource

Provides a resource to manage a GuardDuty detector.

NOTE: Deleting this resource is equivalent to “disabling” GuardDuty for an AWS region, which removes all existing findings. You can set the enable attribute to false to instead “suspend” monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const myDetector = new aws.guardduty.Detector("MyDetector", {
    enable: true,
    findingPublishingFrequency: "SIX_HOURS",
});

constructor

new Detector(name: string, args?: DetectorArgs, opts?: pulumi.CustomResourceOptions)

Create a Detector resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DetectorState, opts?: pulumi.CustomResourceOptions): Detector

Get an existing Detector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

The AWS account ID of the GuardDuty detector

property enable

public enable: pulumi.Output<boolean | undefined>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

public findingPublishingFrequency: pulumi.Output<string | undefined>;

Specifies the frequency of notifications sent for subsequent finding occurrences. Valid values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS. Default: SIX_HOURS. See AWS Documentation for more information.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IPSet

extends CustomResource

Provides a resource to manage a GuardDuty IPSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const master = new aws.guardduty.Detector("master", {
    enable: true,
});
const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
});
const myIPSetBucketObject = new aws.s3.BucketObject("MyIPSet", {
    acl: "public-read",
    bucket: bucket.id,
    content: "10.0.0.0/8\n",
    key: "MyIPSet",
});
const myIPSetIPSet = new aws.guardduty.IPSet("MyIPSet", {
    activate: true,
    detectorId: master.id,
    format: "TXT",
    location: pulumi.all([myIPSetBucketObject.bucket, myIPSetBucketObject.key]).apply(([bucket, key]) => `https://s3.amazonaws.com/${bucket}/${key}`),
});

constructor

new IPSet(name: string, args: IPSetArgs, opts?: pulumi.CustomResourceOptions)

Create a IPSet resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IPSetState, opts?: pulumi.CustomResourceOptions): IPSet

Get an existing IPSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty.

property format

public format: pulumi.Output<string>;

The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the file that contains the IPSet.

property name

public name: pulumi.Output<string>;

The friendly name to identify the IPSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Member

extends CustomResource

Provides a resource to manage a GuardDuty member.

NOTE: Currently after using this resource, you must manually accept member account invitations before GuardDuty will begin sending cross-account events. More information for how to accomplish this via the AWS Console or API can be found in the GuardDuty User Guide. Terraform implementation of the member acceptance resource can be tracked in Github.

constructor

new Member(name: string, args: MemberArgs, opts?: pulumi.CustomResourceOptions)

Create a Member resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MemberState, opts?: pulumi.CustomResourceOptions): Member

Get an existing Member resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

AWS account ID for member account.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

public disableEmailNotification: pulumi.Output<boolean | undefined>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

public email: pulumi.Output<string>;

Email address for member account.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property invitationMessage

public invitationMessage: pulumi.Output<string | undefined>;

Message for invitation.

property invite

public invite: pulumi.Output<boolean | undefined>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

property relationshipStatus

public relationshipStatus: pulumi.Output<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ThreatIntelSet

extends CustomResource

Provides a resource to manage a GuardDuty ThreatIntelSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const master = new aws.guardduty.Detector("master", {
    enable: true,
});
const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
});
const myThreatIntelSetBucketObject = new aws.s3.BucketObject("MyThreatIntelSet", {
    acl: "public-read",
    bucket: bucket.id,
    content: "10.0.0.0/8\n",
    key: "MyThreatIntelSet",
});
const myThreatIntelSetThreatIntelSet = new aws.guardduty.ThreatIntelSet("MyThreatIntelSet", {
    activate: true,
    detectorId: master.id,
    format: "TXT",
    location: pulumi.all([myThreatIntelSetBucketObject.bucket, myThreatIntelSetBucketObject.key]).apply(([bucket, key]) => `https://s3.amazonaws.com/${bucket}/${key}`),
});

constructor

new ThreatIntelSet(name: string, args: ThreatIntelSetArgs, opts?: pulumi.CustomResourceOptions)

Create a ThreatIntelSet resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ThreatIntelSetState, opts?: pulumi.CustomResourceOptions): ThreatIntelSet

Get an existing ThreatIntelSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty.

property format

public format: pulumi.Output<string>;

The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the file that contains the ThreatIntelSet.

property name

public name: pulumi.Output<string>;

The friendly name to identify the ThreatIntelSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface DetectorArgs

The set of arguments for constructing a Detector resource.

property enable

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

findingPublishingFrequency?: pulumi.Input<string>;

interface DetectorState

Input properties used for looking up and filtering Detector resources.

property accountId

accountId?: pulumi.Input<string>;

The AWS account ID of the GuardDuty detector

property enable

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

findingPublishingFrequency?: pulumi.Input<string>;

interface IPSetArgs

The set of arguments for constructing a IPSet resource.

property activate

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format: pulumi.Input<string>;

The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location

location: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface IPSetState

Input properties used for looking up and filtering IPSet resources.

property activate

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format?: pulumi.Input<string>;

The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location

location?: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface MemberArgs

The set of arguments for constructing a Member resource.

property accountId

accountId: pulumi.Input<string>;

AWS account ID for member account.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

disableEmailNotification?: pulumi.Input<boolean>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

email: pulumi.Input<string>;

Email address for member account.

property invitationMessage

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite

invite?: pulumi.Input<boolean>;

interface MemberState

Input properties used for looking up and filtering Member resources.

property accountId

accountId?: pulumi.Input<string>;

AWS account ID for member account.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

disableEmailNotification?: pulumi.Input<boolean>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

email?: pulumi.Input<string>;

Email address for member account.

property invitationMessage

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite

invite?: pulumi.Input<boolean>;

property relationshipStatus

relationshipStatus?: pulumi.Input<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

interface ThreatIntelSetArgs

The set of arguments for constructing a ThreatIntelSet resource.

property activate

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format: pulumi.Input<string>;

The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location

location: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.

interface ThreatIntelSetState

Input properties used for looking up and filtering ThreatIntelSet resources.

property activate

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format?: pulumi.Input<string>;

The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location

location?: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.