Namespace Pulumi.Aws.GuardDuty
Classes
Detector
Provides a resource to manage a GuardDuty detector.
NOTE: Deleting this resource is equivalent to "disabling" GuardDuty for an AWS region, which removes all existing findings. You can instead set the `enable` attribute to `false` to "suspend" monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares a single GuardDuty detector with monitoring enabled.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Enable = true keeps the detector active. Removing the resource from the
        // stack disables GuardDuty for the region and drops existing findings, so
        // set Enable to false to suspend monitoring while keeping the data.
        var detectorArgs = new Aws.GuardDuty.DetectorArgs
        {
            Enable = true,
        };

        var myDetector = new Aws.GuardDuty.Detector("myDetector", detectorArgs);
    }
}
DetectorArgs
DetectorState
GetDetector
GetDetectorArgs
GetDetectorResult
InviteAccepter
Provides a resource that accepts a pending GuardDuty invite on creation, ensures the detector has the correct master account on read, and disassociates from the master account upon removal.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that invites a member account to a master GuardDuty detector
/// and accepts that invitation on the member side.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // NOTE(review): both detectors are created without an explicit provider, so
        // as written they resolve to the same account. An invitation normally spans
        // two accounts - confirm per-account providers are supplied in real use.
        var master = new Aws.GuardDuty.Detector("master", new Aws.GuardDuty.DetectorArgs());
        var memberDetector = new Aws.GuardDuty.Detector("memberDetector", new Aws.GuardDuty.DetectorArgs());

        // Master side: register the member account and send the invitation.
        var invitationArgs = new Aws.GuardDuty.MemberArgs
        {
            AccountId = memberDetector.AccountId,
            DetectorId = master.Id,
            Email = "required@example.com",
            Invite = true,
        };
        var dev = new Aws.GuardDuty.Member("dev", invitationArgs);

        // Member side: accept the invitation against the member's own detector.
        // NOTE(review): nothing visible here makes the accepter wait for the
        // invitation created by "dev"; confirm whether an explicit dependency is needed.
        var accepterArgs = new Aws.GuardDuty.InviteAccepterArgs
        {
            DetectorId = memberDetector.Id,
            MasterAccountId = master.AccountId,
        };
        var memberInviteAccepter = new Aws.GuardDuty.InviteAccepter("memberInviteAccepter", accepterArgs);
    }
}
InviteAccepterArgs
InviteAccepterState
IPSet
Provides a resource to manage a GuardDuty IPSet.
Note: Currently in GuardDuty, users from member accounts cannot upload or further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
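/// <summary>
/// Example stack that uploads an IP list to S3 and registers it with a
/// GuardDuty detector as an active IPSet (a list of trusted IP addresses).
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var master = new Aws.GuardDuty.Detector("master", new Aws.GuardDuty.DetectorArgs
        {
            Enable = true,
        });

        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
        });

        // No ACL is set on the object, so it keeps the default private access.
        // A "public-read" ACL would let anyone who learns the URL read the list of
        // trusted addresses, and nothing in this example needs anonymous access.
        // NOTE(review): GuardDuty is expected to fetch the list with its own service
        // role - confirm the deploying identity has the permissions GuardDuty
        // documents for uploading lists.
        var myIPSetBucketObject = new Aws.S3.BucketObject("myIPSetBucketObject", new Aws.S3.BucketObjectArgs
        {
            Bucket = bucket.Id,
            Content = @"10.0.0.0/8
",
            Key = "MyIPSet",
        });

        // The list location is only known once the bucket name and key are resolved,
        // so the URL is assembled inside Apply. Lambda locals are named so they do
        // not shadow the outer "bucket" resource variable.
        var listLocation = Output.Tuple(myIPSetBucketObject.Bucket, myIPSetBucketObject.Key).Apply(values =>
        {
            var bucketName = values.Item1;
            var objectKey = values.Item2;
            return $"https://s3.amazonaws.com/{bucketName}/{objectKey}";
        });

        var myIPSetIPSet = new Aws.GuardDuty.IPSet("myIPSetIPSet", new Aws.GuardDuty.IPSetArgs
        {
            Activate = true,
            DetectorId = master.Id,
            Format = "TXT",
            Location = listLocation,
        });
    }
}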
IPSetArgs
IPSetState
Member
Provides a resource to manage a GuardDuty member. To accept invitations in member accounts, see the aws.guardduty.InviteAccepter resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that registers a member account with a master GuardDuty
/// detector and sends it an invitation with a custom message.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // NOTE(review): both detectors are created without an explicit provider, so
        // as written they resolve to the same account - confirm per-account
        // providers are supplied in real use.
        var masterArgs = new Aws.GuardDuty.DetectorArgs
        {
            Enable = true,
        };
        var master = new Aws.GuardDuty.Detector("master", masterArgs);

        var memberDetectorArgs = new Aws.GuardDuty.DetectorArgs
        {
            Enable = true,
        };
        var memberDetector = new Aws.GuardDuty.Detector("memberDetector", memberDetectorArgs);

        // Invite = true sends the invitation; accepting it on the member side is
        // handled by the separate InviteAccepter resource.
        var membershipArgs = new Aws.GuardDuty.MemberArgs
        {
            AccountId = memberDetector.AccountId,
            DetectorId = master.Id,
            Email = "required@example.com",
            Invite = true,
            InvitationMessage = "please accept guardduty invitation",
        };
        var memberMember = new Aws.GuardDuty.Member("memberMember", membershipArgs);
    }
}
MemberArgs
MemberState
OrganizationAdminAccount
Manages a GuardDuty Organization Admin Account. The AWS account utilizing this resource must be an Organizations master account. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that enables GuardDuty service access for an AWS Organization
/// and designates a GuardDuty organization admin account.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Trusted service access for GuardDuty is granted at the organization level.
        var organizationArgs = new Aws.Organizations.OrganizationArgs
        {
            AwsServiceAccessPrincipals =
            {
                "guardduty.amazonaws.com",
            },
            FeatureSet = "ALL",
        };
        var exampleOrganization = new Aws.Organizations.Organization("exampleOrganization", organizationArgs);

        var exampleDetector = new Aws.GuardDuty.Detector("exampleDetector", new Aws.GuardDuty.DetectorArgs());

        // "123456789012" is a sample account id; substitute the real delegated admin account.
        // NOTE(review): no input of this resource refers to exampleOrganization, so
        // nothing visible orders it after the organization's service access is in
        // place - confirm whether an explicit dependency is required.
        var adminAccountArgs = new Aws.GuardDuty.OrganizationAdminAccountArgs
        {
            AdminAccountId = "123456789012",
        };
        var exampleOrganizationAdminAccount = new Aws.GuardDuty.OrganizationAdminAccount("exampleOrganizationAdminAccount", adminAccountArgs);
    }
}
OrganizationAdminAccountArgs
OrganizationAdminAccountState
OrganizationConfiguration
Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g. via the aws.guardduty.OrganizationAdminAccount resource. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.
NOTE: This is an advanced resource. The provider will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the resource configuration.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that enables a GuardDuty detector and turns on automatic
/// enrolment through the organization configuration.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var detectorArgs = new Aws.GuardDuty.DetectorArgs
        {
            Enable = true,
        };
        var exampleDetector = new Aws.GuardDuty.Detector("exampleDetector", detectorArgs);

        // The provider takes over the existing organization configuration without
        // an import and performs no action when this resource is removed.
        var organizationConfigurationArgs = new Aws.GuardDuty.OrganizationConfigurationArgs
        {
            AutoEnable = true,
            DetectorId = exampleDetector.Id,
        };
        var exampleOrganizationConfiguration = new Aws.GuardDuty.OrganizationConfiguration("exampleOrganizationConfiguration", organizationConfigurationArgs);
    }
}
OrganizationConfigurationArgs
OrganizationConfigurationState
ThreatIntelSet
Provides a resource to manage a GuardDuty ThreatIntelSet.
Note: Currently in GuardDuty, users from member accounts cannot upload or further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
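/// <summary>
/// Example stack that uploads a threat list to S3 and registers it with a
/// GuardDuty detector as an active ThreatIntelSet.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var master = new Aws.GuardDuty.Detector("master", new Aws.GuardDuty.DetectorArgs
        {
            Enable = true,
        });

        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
        });

        // No ACL is set on the object, so it keeps the default private access.
        // A "public-read" ACL would let anyone who learns the URL read the threat
        // list, and nothing in this example needs anonymous access.
        // NOTE(review): GuardDuty is expected to fetch the list with its own service
        // role - confirm the deploying identity has the permissions GuardDuty
        // documents for uploading lists.
        var myThreatIntelSetBucketObject = new Aws.S3.BucketObject("myThreatIntelSetBucketObject", new Aws.S3.BucketObjectArgs
        {
            Bucket = bucket.Id,
            Content = @"10.0.0.0/8
",
            Key = "MyThreatIntelSet",
        });

        // The list location is only known once the bucket name and key are resolved,
        // so the URL is assembled inside Apply. Lambda locals are named so they do
        // not shadow the outer "bucket" resource variable.
        var listLocation = Output.Tuple(myThreatIntelSetBucketObject.Bucket, myThreatIntelSetBucketObject.Key).Apply(values =>
        {
            var bucketName = values.Item1;
            var objectKey = values.Item2;
            return $"https://s3.amazonaws.com/{bucketName}/{objectKey}";
        });

        var myThreatIntelSetThreatIntelSet = new Aws.GuardDuty.ThreatIntelSet("myThreatIntelSetThreatIntelSet", new Aws.GuardDuty.ThreatIntelSetArgs
        {
            Activate = true,
            DetectorId = master.Id,
            Format = "TXT",
            Location = listLocation,
        });
    }
}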