Module guardduty

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Resource Detector

class Detector extends CustomResource

Provides a resource to manage a GuardDuty detector.

NOTE: Deleting this resource is equivalent to “disabling” GuardDuty for an AWS region, which removes all existing findings. You can set the enable attribute to false to instead “suspend” monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const myDetector = new aws.guardduty.Detector("MyDetector", {
    enable: true,
});

constructor

new Detector(name: string, args?: DetectorArgs, opts?: pulumi.CustomResourceOptions)

Create a Detector resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DetectorState, opts?: pulumi.CustomResourceOptions): Detector

Get an existing Detector resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Detector

Returns true if the given object is an instance of Detector. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

The AWS account ID of the GuardDuty detector

property enable

public enable: pulumi.Output<boolean | undefined>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

public findingPublishingFrequency: pulumi.Output<string>;

Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty master account and cannot be modified, otherwise defaults to SIX_HOURS. For standalone and GuardDuty master accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS. See AWS Documentation for more information.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource InviteAccepter

class InviteAccepter extends CustomResource

Provides a resource to accept a pending GuardDuty invite on creation, ensure the detector has the correct master account on read, and disassociate with the master account upon removal.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const master = new aws.guardduty.Detector("master", {});
const memberDetector = new aws.guardduty.Detector("memberDetector", {});
const dev = new aws.guardduty.Member("dev", {
    accountId: memberDetector.accountId,
    detectorId: master.id,
    email: "required@example.com",
    invite: true,
});
const memberInviteAccepter = new aws.guardduty.InviteAccepter("memberInviteAccepter", {
    detectorId: memberDetector.id,
    masterAccountId: master.accountId,
});

constructor

new InviteAccepter(name: string, args: InviteAccepterArgs, opts?: pulumi.CustomResourceOptions)

Create a InviteAccepter resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InviteAccepterState, opts?: pulumi.CustomResourceOptions): InviteAccepter

Get an existing InviteAccepter resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is InviteAccepter

Returns true if the given object is an instance of InviteAccepter. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the member GuardDuty account.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property masterAccountId

public masterAccountId: pulumi.Output<string>;

AWS account ID for master account.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IPSet

class IPSet extends CustomResource

Provides a resource to manage a GuardDuty IPSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const master = new aws.guardduty.Detector("master", {
    enable: true,
});
const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
});
const myIPSetBucketObject = new aws.s3.BucketObject("MyIPSet", {
    acl: "public-read",
    bucket: bucket.id,
    content: "10.0.0.0/8\n",
    key: "MyIPSet",
});
const myIPSetIPSet = new aws.guardduty.IPSet("MyIPSet", {
    activate: true,
    detectorId: master.id,
    format: "TXT",
    location: pulumi.interpolate`https://s3.amazonaws.com/${myIPSetBucketObject.bucket}/${myIPSetBucketObject.key}`,
});

constructor

new IPSet(name: string, args: IPSetArgs, opts?: pulumi.CustomResourceOptions)

Create a IPSet resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IPSetState, opts?: pulumi.CustomResourceOptions): IPSet

Get an existing IPSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IPSet

Returns true if the given object is an instance of IPSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty.

property format

public format: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the file that contains the IPSet.

property name

public name: pulumi.Output<string>;

The friendly name to identify the IPSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Member

class Member extends CustomResource

Provides a resource to manage a GuardDuty member. To accept invitations in member accounts, see the aws.guardduty.InviteAccepter resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const master = new aws.guardduty.Detector("master", {enable: true});
const memberDetector = new aws.guardduty.Detector("memberDetector", {enable: true});
const memberMember = new aws.guardduty.Member("memberMember", {
    accountId: memberDetector.accountId,
    detectorId: master.id,
    email: "required@example.com",
    invite: true,
    invitationMessage: "please accept guardduty invitation",
});

constructor

new Member(name: string, args: MemberArgs, opts?: pulumi.CustomResourceOptions)

Create a Member resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MemberState, opts?: pulumi.CustomResourceOptions): Member

Get an existing Member resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Member

Returns true if the given object is an instance of Member. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

AWS account ID for member account.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

public disableEmailNotification: pulumi.Output<boolean | undefined>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

public email: pulumi.Output<string>;

Email address for member account.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property invitationMessage

public invitationMessage: pulumi.Output<string | undefined>;

Message for invitation.

property invite

public invite: pulumi.Output<boolean | undefined>;

Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the this provider state value is true based on a relationshipStatus of Disabled, Enabled, Invited, or EmailVerificationInProgress.

property relationshipStatus

public relationshipStatus: pulumi.Output<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource OrganizationAdminAccount

class OrganizationAdminAccount extends CustomResource

Manages a GuardDuty Organization Admin Account. The AWS account utilizing this resource must be an Organizations master account. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleOrganization = new aws.organizations.Organization("exampleOrganization", {
    awsServiceAccessPrincipals: ["guardduty.amazonaws.com"],
    featureSet: "ALL",
});
const exampleDetector = new aws.guardduty.Detector("exampleDetector", {});
const exampleOrganizationAdminAccount = new aws.guardduty.OrganizationAdminAccount("exampleOrganizationAdminAccount", {adminAccountId: "123456789012"});

constructor

new OrganizationAdminAccount(name: string, args: OrganizationAdminAccountArgs, opts?: pulumi.CustomResourceOptions)

Create a OrganizationAdminAccount resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationAdminAccountState, opts?: pulumi.CustomResourceOptions): OrganizationAdminAccount

Get an existing OrganizationAdminAccount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is OrganizationAdminAccount

Returns true if the given object is an instance of OrganizationAdminAccount. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property adminAccountId

public adminAccountId: pulumi.Output<string>;

AWS account identifier to designate as a delegated administrator for GuardDuty.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource OrganizationConfiguration

class OrganizationConfiguration extends CustomResource

Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g. via the aws.guardduty.OrganizationAdminAccount resource. More information about Organizations support in GuardDuty can be found in the GuardDuty User Guide.

NOTE: This is an advanced resource. The provider will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the resource configuration.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleDetector = new aws.guardduty.Detector("exampleDetector", {enable: true});
const exampleOrganizationConfiguration = new aws.guardduty.OrganizationConfiguration("exampleOrganizationConfiguration", {
    autoEnable: true,
    detectorId: exampleDetector.id,
});

constructor

new OrganizationConfiguration(name: string, args: OrganizationConfigurationArgs, opts?: pulumi.CustomResourceOptions)

Create a OrganizationConfiguration resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationConfigurationState, opts?: pulumi.CustomResourceOptions): OrganizationConfiguration

Get an existing OrganizationConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is OrganizationConfiguration

Returns true if the given object is an instance of OrganizationConfiguration. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property autoEnable

public autoEnable: pulumi.Output<boolean>;

When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty account.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ThreatIntelSet

class ThreatIntelSet extends CustomResource

Provides a resource to manage a GuardDuty ThreatIntelSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const master = new aws.guardduty.Detector("master", {
    enable: true,
});
const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
});
const myThreatIntelSetBucketObject = new aws.s3.BucketObject("MyThreatIntelSet", {
    acl: "public-read",
    bucket: bucket.id,
    content: "10.0.0.0/8\n",
    key: "MyThreatIntelSet",
});
const myThreatIntelSetThreatIntelSet = new aws.guardduty.ThreatIntelSet("MyThreatIntelSet", {
    activate: true,
    detectorId: master.id,
    format: "TXT",
    location: pulumi.interpolate`https://s3.amazonaws.com/${myThreatIntelSetBucketObject.bucket}/${myThreatIntelSetBucketObject.key}`,
});

constructor

new ThreatIntelSet(name: string, args: ThreatIntelSetArgs, opts?: pulumi.CustomResourceOptions)

Create a ThreatIntelSet resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ThreatIntelSetState, opts?: pulumi.CustomResourceOptions): ThreatIntelSet

Get an existing ThreatIntelSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ThreatIntelSet

Returns true if the given object is an instance of ThreatIntelSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activate

public activate: pulumi.Output<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

public detectorId: pulumi.Output<string>;

The detector ID of the GuardDuty.

property format

public format: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the file that contains the ThreatIntelSet.

property name

public name: pulumi.Output<string>;

The friendly name to identify the ThreatIntelSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getDetector

getDetector(args?: GetDetectorArgs, opts?: pulumi.InvokeOptions): Promise<GetDetectorResult>

Retrieve information about a GuardDuty detector.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.guardduty.getDetector({ async: true }));

Others

interface DetectorArgs

interface DetectorArgs

The set of arguments for constructing a Detector resource.

property enable

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

findingPublishingFrequency?: pulumi.Input<string>;

interface DetectorState

interface DetectorState

Input properties used for looking up and filtering Detector resources.

property accountId

accountId?: pulumi.Input<string>;

The AWS account ID of the GuardDuty detector

property enable

enable?: pulumi.Input<boolean>;

Enable monitoring and feedback reporting. Setting to false is equivalent to “suspending” GuardDuty. Defaults to true.

property findingPublishingFrequency

findingPublishingFrequency?: pulumi.Input<string>;

interface GetDetectorArgs

interface GetDetectorArgs

A collection of arguments for invoking getDetector.

property id

id?: undefined | string;

The ID of the detector.

interface GetDetectorResult

interface GetDetectorResult

A collection of values returned by getDetector.

property findingPublishingFrequency

findingPublishingFrequency: string;

The frequency of notifications sent about subsequent finding occurrences.

property id

id?: undefined | string;

property serviceRoleArn

serviceRoleArn: string;

The service-linked role that grants GuardDuty access to the resources in the AWS account.

property status

status: string;

The current status of the detector.

interface InviteAccepterArgs

interface InviteAccepterArgs

The set of arguments for constructing a InviteAccepter resource.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the member GuardDuty account.

property masterAccountId

masterAccountId: pulumi.Input<string>;

AWS account ID for master account.

interface InviteAccepterState

interface InviteAccepterState

Input properties used for looking up and filtering InviteAccepter resources.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the member GuardDuty account.

property masterAccountId

masterAccountId?: pulumi.Input<string>;

AWS account ID for master account.

interface IPSetArgs

interface IPSetArgs

The set of arguments for constructing a IPSet resource.

property activate

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format: pulumi.Input<string>;

property location

location: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface IPSetState

interface IPSetState

Input properties used for looking up and filtering IPSet resources.

property activate

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded IPSet.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format?: pulumi.Input<string>;

property location

location?: pulumi.Input<string>;

The URI of the file that contains the IPSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the IPSet.

interface MemberArgs

interface MemberArgs

The set of arguments for constructing a Member resource.

property accountId

accountId: pulumi.Input<string>;

AWS account ID for member account.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

disableEmailNotification?: pulumi.Input<boolean>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

email: pulumi.Input<string>;

Email address for member account.

property invitationMessage

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite

invite?: pulumi.Input<boolean>;

interface MemberState

interface MemberState

Input properties used for looking up and filtering Member resources.

property accountId

accountId?: pulumi.Input<string>;

AWS account ID for member account.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty account where you want to create member accounts.

property disableEmailNotification

disableEmailNotification?: pulumi.Input<boolean>;

Boolean whether an email notification is sent to the accounts. Defaults to false.

property email

email?: pulumi.Input<string>;

Email address for member account.

property invitationMessage

invitationMessage?: pulumi.Input<string>;

Message for invitation.

property invite

invite?: pulumi.Input<boolean>;

property relationshipStatus

relationshipStatus?: pulumi.Input<string>;

The status of the relationship between the member account and its master account. More information can be found in Amazon GuardDuty API Reference.

interface OrganizationAdminAccountArgs

interface OrganizationAdminAccountArgs

The set of arguments for constructing a OrganizationAdminAccount resource.

property adminAccountId

adminAccountId: pulumi.Input<string>;

AWS account identifier to designate as a delegated administrator for GuardDuty.

interface OrganizationAdminAccountState

interface OrganizationAdminAccountState

Input properties used for looking up and filtering OrganizationAdminAccount resources.

property adminAccountId

adminAccountId?: pulumi.Input<string>;

AWS account identifier to designate as a delegated administrator for GuardDuty.

interface OrganizationConfigurationArgs

interface OrganizationConfigurationArgs

The set of arguments for constructing a OrganizationConfiguration resource.

property autoEnable

autoEnable: pulumi.Input<boolean>;

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty account.

interface OrganizationConfigurationState

interface OrganizationConfigurationState

Input properties used for looking up and filtering OrganizationConfiguration resources.

property autoEnable

autoEnable?: pulumi.Input<boolean>;

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty account.

interface ThreatIntelSetArgs

interface ThreatIntelSetArgs

The set of arguments for constructing a ThreatIntelSet resource.

property activate

activate: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

detectorId: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format: pulumi.Input<string>;

property location

location: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.

interface ThreatIntelSetState

interface ThreatIntelSetState

Input properties used for looking up and filtering ThreatIntelSet resources.

property activate

activate?: pulumi.Input<boolean>;

Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.

property detectorId

detectorId?: pulumi.Input<string>;

The detector ID of the GuardDuty.

property format

format?: pulumi.Input<string>;

property location

location?: pulumi.Input<string>;

The URI of the file that contains the ThreatIntelSet.

property name

name?: pulumi.Input<string>;

The friendly name to identify the ThreatIntelSet.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Module guardduty

Resources

Functions

Others

Resources

Example Usage

Example Usage

Example Usage

Example Usage

Example Usage

Example Usage

Example Usage

Functions

Example Usage

Others