guardduty

class pulumi_aws.guardduty.Detector(resource_name, opts=None, enable=None, finding_publishing_frequency=None, __name__=None, __opts__=None)

Provides a resource to manage a GuardDuty detector.

NOTE: Deleting this resource is equivalent to “disabling” GuardDuty for an AWS region, which removes all existing findings. You can set the enable attribute to false to instead “suspend” monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • enable (pulumi.Input[bool]) – Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.
  • finding_publishing_frequency (pulumi.Input[str]) – Specifies the frequency of notifications sent for subsequent finding occurrences. Valid values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS. Default: SIX_HOURS. See AWS Documentation for more information.
account_id = None

The AWS account ID of the GuardDuty detector

enable = None

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

finding_publishing_frequency = None

Specifies the frequency of notifications sent for subsequent finding occurrences. Valid values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS. Default: SIX_HOURS. See AWS Documentation for more information.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.guardduty.IPSet(resource_name, opts=None, activate=None, detector_id=None, format=None, location=None, name=None, __name__=None, __opts__=None)

Provides a resource to manage a GuardDuty IPSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • activate (pulumi.Input[bool]) – Specifies whether GuardDuty is to start using the uploaded IPSet.
  • detector_id (pulumi.Input[str]) – The detector ID of the GuardDuty.
  • format (pulumi.Input[str]) – The format of the file that contains the IPSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
  • location (pulumi.Input[str]) – The URI of the file that contains the IPSet.
  • name (pulumi.Input[str]) – The friendly name to identify the IPSet.
activate = None

Specifies whether GuardDuty is to start using the uploaded IPSet.

detector_id = None

The detector ID of the GuardDuty.

format = None

The format of the file that contains the IPSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

location = None

The URI of the file that contains the IPSet.

name = None

The friendly name to identify the IPSet.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.guardduty.Member(resource_name, opts=None, account_id=None, detector_id=None, disable_email_notification=None, email=None, invitation_message=None, invite=None, __name__=None, __opts__=None)

Provides a resource to manage a GuardDuty member.

NOTE: Currently after using this resource, you must manually accept member account invitations before GuardDuty will begin sending cross-account events. More information for how to accomplish this via the AWS Console or API can be found in the GuardDuty User Guide. Terraform implementation of the member acceptance resource can be tracked in Github.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • account_id (pulumi.Input[str]) – AWS account ID for member account.
  • detector_id (pulumi.Input[str]) – The detector ID of the GuardDuty account where you want to create member accounts.
  • disable_email_notification (pulumi.Input[bool]) – Boolean whether an email notification is sent to the accounts. Defaults to false.
  • email (pulumi.Input[str]) – Email address for member account.
  • invitation_message (pulumi.Input[str]) – Message for invitation.
  • invite (pulumi.Input[bool]) – Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.
account_id = None

AWS account ID for member account.

detector_id = None

The detector ID of the GuardDuty account where you want to create member accounts.

disable_email_notification = None

Boolean whether an email notification is sent to the accounts. Defaults to false.

email = None

Email address for member account.

invitation_message = None

Message for invitation.

invite = None

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.

relationship_status = None

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.guardduty.ThreatIntelSet(resource_name, opts=None, activate=None, detector_id=None, format=None, location=None, name=None, __name__=None, __opts__=None)

Provides a resource to manage a GuardDuty ThreatIntelSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • activate (pulumi.Input[bool]) – Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
  • detector_id (pulumi.Input[str]) – The detector ID of the GuardDuty.
  • format (pulumi.Input[str]) – The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
  • location (pulumi.Input[str]) – The URI of the file that contains the ThreatIntelSet.
  • name (pulumi.Input[str]) – The friendly name to identify the ThreatIntelSet.
activate = None

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

detector_id = None

The detector ID of the GuardDuty.

format = None

The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

location = None

The URI of the file that contains the ThreatIntelSet.

name = None

The friendly name to identify the ThreatIntelSet.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str