Edit This Page

Module guardduty

@pulumi/aws > guardduty

Index

guardduty/detector.ts guardduty/iPSet.ts guardduty/member.ts guardduty/threatIntelSet.ts

class Detector

Provides a resource to manage a GuardDuty detector.

~> NOTE: Deleting this resource is equivalent to “disabling” GuardDuty for an AWS region, which removes all existing findings. You can set the enable attribute to false to instead “suspend” monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.

constructor 

new Detector(name: string, args?: DetectorArgs, opts?: pulumi.CustomResourceOptions)

Create a Detector resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DetectorState): Detector

Get an existing Detector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId 

public accountId: pulumi.Output<string>;

The AWS account ID of the GuardDuty detector

property enable 

public enable: pulumi.Output<boolean | undefined>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IPSet

Provides a resource to manage a GuardDuty IPSet.

~> Note: Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

constructor 

new IPSet(name: string, args: IPSetArgs, opts?: pulumi.CustomResourceOptions)

Create a IPSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IPSetState): IPSet

Get an existing IPSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate 

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId 

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty.

property format 

public format: pulumi.Output<string>;
The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location 

public location: pulumi.Output<string>;

The URI of the file that contains the IPSet.

property name 

public name: pulumi.Output<string>;

The friendly name to identify the IPSet.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Member

Provides a resource to manage a GuardDuty member.

~> NOTE: Currently after using this resource, you must manually accept member account invitations before GuardDuty will begin sending cross-account events. More information for how to accomplish this via the AWS Console or API can be found in the GuardDuty User Guide. Terraform implementation of the member acceptance resource can be tracked in Github.

constructor 

new Member(name: string, args: MemberArgs, opts?: pulumi.CustomResourceOptions)

Create a Member resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MemberState): Member

Get an existing Member resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId 

public accountId: pulumi.Output<string>;

AWS account ID for member account.

property detectorId 

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification 

public disableEmailNotification: pulumi.Output<boolean | undefined>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email 

public email: pulumi.Output<string>;

Email address for member account.

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property invitationMessage 

public invitationMessage: pulumi.Output<string | undefined>;

Message for invitation.

property invite 

public invite: pulumi.Output<boolean | undefined>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

property relationshipStatus 

public relationshipStatus: pulumi.Output<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ThreatIntelSet

Provides a resource to manage a GuardDuty ThreatIntelSet.

~> Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

constructor 

new ThreatIntelSet(name: string, args: ThreatIntelSetArgs, opts?: pulumi.CustomResourceOptions)

Create a ThreatIntelSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ThreatIntelSetState): ThreatIntelSet

Get an existing ThreatIntelSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate 

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId 

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty.

property format 

public format: pulumi.Output<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location 

public location: pulumi.Output<string>;

The URI of the file that contains the ThreatIntelSet.

property name 

public name: pulumi.Output<string>;

The friendly name to identify the ThreatIntelSet.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface DetectorArgs

The set of arguments for constructing a Detector resource.

property enable 

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

interface DetectorState

Input properties used for looking up and filtering Detector resources.

property accountId 

accountId?: pulumi.Input<string>;

The AWS account ID of the GuardDuty detector

property enable 

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

interface IPSetArgs

The set of arguments for constructing a IPSet resource.

property activate 

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId 

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format 

format: pulumi.Input<string>;
The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location 

location: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name 

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface IPSetState

Input properties used for looking up and filtering IPSet resources.

property activate 

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId 

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format 

format?: pulumi.Input<string>;
The format of the file that contains the IPSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location 

location?: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name 

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface MemberArgs

The set of arguments for constructing a Member resource.

property accountId 

accountId: pulumi.Input<string>;

AWS account ID for member account.

property detectorId 

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification 

disableEmailNotification?: pulumi.Input<boolean>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email 

email: pulumi.Input<string>;

Email address for member account.

property invitationMessage 

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite 

invite?: pulumi.Input<boolean>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

interface MemberState

Input properties used for looking up and filtering Member resources.

property accountId 

accountId?: pulumi.Input<string>;

AWS account ID for member account.

property detectorId 

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification 

disableEmailNotification?: pulumi.Input<boolean>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email 

email?: pulumi.Input<string>;

Email address for member account.

property invitationMessage 

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite 

invite?: pulumi.Input<boolean>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

property relationshipStatus 

relationshipStatus?: pulumi.Input<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

interface ThreatIntelSetArgs

The set of arguments for constructing a ThreatIntelSet resource.

property activate 

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId 

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format 

format: pulumi.Input<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location 

location: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name 

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.

interface ThreatIntelSetState

Input properties used for looking up and filtering ThreatIntelSet resources.

property activate 

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId 

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format 

format?: pulumi.Input<string>;
The format of the file that contains the ThreatIntelSet. Valid values: TXT STIX OTX_CSV ALIEN_VAULT PROOF_POINT FIRE_EYE

property location 

location?: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name 

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.