Module guardduty

class Detector

extends CustomResource

Provides a resource to manage a GuardDuty detector.

NOTE: Deleting this resource is equivalent to “disabling” GuardDuty for an AWS region, which removes all existing findings. You can set the enable attribute to false to instead “suspend” monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const myDetector = new aws.guardduty.Detector("MyDetector", {
    enable: true,
});

constructor

new Detector(name: string, args?: DetectorArgs, opts?: pulumi.CustomResourceOptions)

Create a Detector resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DetectorState, opts?: pulumi.CustomResourceOptions): Detector

Get an existing Detector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

The AWS account ID of the GuardDuty detector.

property enable

public enable: pulumi.Output<boolean | undefined>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

public findingPublishingFrequency: pulumi.Output<string>;

Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty master account and cannot be modified; otherwise it defaults to SIX_HOURS. For standalone and GuardDuty master accounts, it must be configured in Terraform to enable drift detection. Valid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS. See AWS Documentation for more information.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IPSet

extends CustomResource

Provides a resource to manage a GuardDuty IPSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const master = new aws.guardduty.Detector("master", {
    enable: true,
});
const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
});
const myIPSetBucketObject = new aws.s3.BucketObject("MyIPSet", {
    acl: "public-read", // makes the list object readable by anyone who has its URL
    bucket: bucket.id,
    content: "10.0.0.0/8\n",
    key: "MyIPSet",
});
const myIPSetIPSet = new aws.guardduty.IPSet("MyIPSet", {
    activate: true,
    detectorId: master.id,
    format: "TXT",
    location: pulumi.interpolate`https://s3.amazonaws.com/${myIPSetBucketObject.bucket}/${myIPSetBucketObject.key}`,
});

constructor

new IPSet(name: string, args: IPSetArgs, opts?: pulumi.CustomResourceOptions)

Create an IPSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IPSetState, opts?: pulumi.CustomResourceOptions): IPSet

Get an existing IPSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

public detectorId: pulumi.Output<string>;

The ID of the GuardDuty detector.

property format

public format: pulumi.Output<string>;

The format of the file that contains the IPSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the file that contains the IPSet.

property name

public name: pulumi.Output<string>;

The friendly name to identify the IPSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
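
The valid values listed for findingPublishingFrequency and format are not enforced by the types, since both properties are declared as string. The following pre-deployment check is an added example, not part of @pulumi/aws or the original page; DetectorInput, SetInput, checkDetector, checkSet and the objectAcl field are hypothetical names, and the location pattern only mirrors the shape used in the IPSet example above.

```typescript
// Added example: checks over plain objects that mirror the DetectorArgs and
// IPSetArgs / ThreatIntelSetArgs shapes. All names here are hypothetical.
const FREQUENCIES: string[] = ["FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"];
const FORMATS: string[] = ["TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"];

interface DetectorInput {
    enable?: boolean;
    findingPublishingFrequency?: string;
}

interface SetInput {
    activate: boolean;
    format: string;
    location: string;
    objectAcl?: string; // assumption: caller supplies the ACL of the S3 object behind `location`
}

function checkDetector(args: DetectorInput): string[] {
    const issues: string[] = [];
    if (args.enable === false) {
        issues.push("enable=false suspends monitoring and feedback reporting");
    }
    const freq = args.findingPublishingFrequency;
    if (freq === undefined) {
        // Standalone and master accounts fall back to SIX_HOURS when this is unset.
        issues.push("findingPublishingFrequency is unset; set it explicitly");
    } else if (FREQUENCIES.indexOf(freq) < 0) {
        issues.push("findingPublishingFrequency '" + freq + "' is not a valid value");
    }
    return issues;
}

function checkSet(args: SetInput): string[] {
    const issues: string[] = [];
    if (FORMATS.indexOf(args.format) < 0) {
        // This check is case-sensitive, so "txt" is reported as well.
        issues.push("format '" + args.format + "' is not a valid value");
    }
    // Assumption: locations follow the https://host/bucket/key shape of the page's example.
    if (!/^https:\/\/[^\/\s]+\/\S+$/.test(args.location)) {
        issues.push("location is not an https URI with an object path");
    }
    if (args.objectAcl !== undefined && /^public-/.test(args.objectAcl)) {
        issues.push("list object ACL '" + args.objectAcl + "' is publicly readable");
    }
    if (!args.activate) {
        issues.push("activate=false: GuardDuty will not use this list");
    }
    return issues;
}

// Constructed input mirroring the IPSet example above, including its object ACL.
const pageExampleIssues: string[] = checkSet({
    activate: true,
    format: "TXT",
    location: "https://s3.amazonaws.com/bucket/MyIPSet",
    objectAcl: "public-read",
});
```

The same checkSet function applies to ThreatIntelSet arguments, which share the format and location properties.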

class InviteAccepter

extends CustomResource

Provides a resource to accept a pending GuardDuty invite on creation, ensure the detector has the correct master account on read, and disassociate from the master account upon removal.

constructor

new InviteAccepter(name: string, args: InviteAccepterArgs, opts?: pulumi.CustomResourceOptions)

Create an InviteAccepter resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InviteAccepterState, opts?: pulumi.CustomResourceOptions): InviteAccepter

Get an existing InviteAccepter resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the member GuardDuty account.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property masterAccountId

public masterAccountId: pulumi.Output<string>;

AWS account ID for master account.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Member

extends CustomResource

Provides a resource to manage a GuardDuty member. To accept invitations in member accounts, see the aws_guardduty_invite_accepter resource.

constructor

new Member(name: string, args: MemberArgs, opts?: pulumi.CustomResourceOptions)

Create a Member resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MemberState, opts?: pulumi.CustomResourceOptions): Member

Get an existing Member resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

AWS account ID for member account.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

public disableEmailNotification: pulumi.Output<boolean | undefined>;

Boolean controlling whether the email notification to the invited accounts is disabled. Defaults to false.

property email

public email: pulumi.Output<string>;

Email address for member account.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property invitationMessage

public invitationMessage: pulumi.Output<string | undefined>;

Message for invitation.

property invite

public invite: pulumi.Output<boolean | undefined>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

property relationshipStatus

public relationshipStatus: pulumi.Output<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ThreatIntelSet

extends CustomResource

Provides a resource to manage a GuardDuty ThreatIntelSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const master = new aws.guardduty.Detector("master", {
    enable: true,
});
const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
});
const myThreatIntelSetBucketObject = new aws.s3.BucketObject("MyThreatIntelSet", {
    acl: "public-read", // makes the list object readable by anyone who has its URL
    bucket: bucket.id,
    content: "10.0.0.0/8\n",
    key: "MyThreatIntelSet",
});
const myThreatIntelSetThreatIntelSet = new aws.guardduty.ThreatIntelSet("MyThreatIntelSet", {
    activate: true,
    detectorId: master.id,
    format: "TXT",
    location: pulumi.interpolate`https://s3.amazonaws.com/${myThreatIntelSetBucketObject.bucket}/${myThreatIntelSetBucketObject.key}`,
});

constructor

new ThreatIntelSet(name: string, args: ThreatIntelSetArgs, opts?: pulumi.CustomResourceOptions)

Create a ThreatIntelSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ThreatIntelSetState, opts?: pulumi.CustomResourceOptions): ThreatIntelSet

Get an existing ThreatIntelSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

public detectorId: pulumi.Output<string>;

The ID of the GuardDuty detector.

property format

public format: pulumi.Output<string>;

The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the file that contains the ThreatIntelSet.

property name

public name: pulumi.Output<string>;

The friendly name to identify the ThreatIntelSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface DetectorArgs

The set of arguments for constructing a Detector resource.

property enable

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

findingPublishingFrequency?: pulumi.Input<string>;

Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty master account and cannot be modified; otherwise it defaults to SIX_HOURS. For standalone and GuardDuty master accounts, it must be configured in Terraform to enable drift detection. Valid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS. See AWS Documentation for more information.

interface DetectorState

Input properties used for looking up and filtering Detector resources.

property accountId

accountId?: pulumi.Input<string>;

The AWS account ID of the GuardDuty detector.

property enable

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

findingPublishingFrequency?: pulumi.Input<string>;

Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty master account and cannot be modified; otherwise it defaults to SIX_HOURS. For standalone and GuardDuty master accounts, it must be configured in Terraform to enable drift detection. Valid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS. See AWS Documentation for more information.

interface IPSetArgs

The set of arguments for constructing an IPSet resource.

property activate

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

detectorId: pulumi.Input<string>;

The ID of the GuardDuty detector.

property format

format: pulumi.Input<string>;

The format of the file that contains the IPSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

property location

location: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface IPSetState

Input properties used for looking up and filtering IPSet resources.

property activate

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

detectorId?: pulumi.Input<string>;

The ID of the GuardDuty detector.

property format

format?: pulumi.Input<string>;

The format of the file that contains the IPSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

property location

location?: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface InviteAccepterArgs

The set of arguments for constructing an InviteAccepter resource.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the member GuardDuty account.

property masterAccountId

masterAccountId: pulumi.Input<string>;

AWS account ID for master account.

interface InviteAccepterState

Input properties used for looking up and filtering InviteAccepter resources.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the member GuardDuty account.

property masterAccountId

masterAccountId?: pulumi.Input<string>;

AWS account ID for master account.

interface MemberArgs

The set of arguments for constructing a Member resource.

property accountId

accountId: pulumi.Input<string>;

AWS account ID for member account.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

disableEmailNotification?: pulumi.Input<boolean>;

Boolean controlling whether the email notification to the invited accounts is disabled. Defaults to false.

property email

email: pulumi.Input<string>;

Email address for member account.

property invitationMessage

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite

invite?: pulumi.Input<boolean>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

interface MemberState

Input properties used for looking up and filtering Member resources.

property accountId

accountId?: pulumi.Input<string>;

AWS account ID for member account.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

disableEmailNotification?: pulumi.Input<boolean>;

Boolean controlling whether the email notification to the invited accounts is disabled. Defaults to false.

property email

email?: pulumi.Input<string>;

Email address for member account.

property invitationMessage

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite

invite?: pulumi.Input<boolean>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

property relationshipStatus

relationshipStatus?: pulumi.Input<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

interface ThreatIntelSetArgs

The set of arguments for constructing a ThreatIntelSet resource.

property activate

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

detectorId: pulumi.Input<string>;

The ID of the GuardDuty detector.

property format

format: pulumi.Input<string>;

The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

property location

location: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.

interface ThreatIntelSetState

Input properties used for looking up and filtering ThreatIntelSet resources.

property activate

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

detectorId?: pulumi.Input<string>;

The ID of the GuardDuty detector.

property format

format?: pulumi.Input<string>;

The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

property location

location?: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.