guardduty

package
v3.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 11, 2020 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Detector

type Detector struct {
	pulumi.CustomResourceState

	// The AWS account ID of the GuardDuty detector
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// Amazon Resource Name (ARN) of the GuardDuty detector
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Enable monitoring and feedback reporting. Setting to `false` is equivalent to "suspending" GuardDuty. Defaults to `true`.
	Enable pulumi.BoolPtrOutput `pulumi:"enable"`
	// Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.
	FindingPublishingFrequency pulumi.StringOutput `pulumi:"findingPublishingFrequency"`
	// Key-value map of resource tags.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a resource to manage a GuardDuty detector.

> **NOTE:** Deleting this resource is equivalent to "disabling" GuardDuty for an AWS region, which removes all existing findings. You can set the `enable` attribute to `false` to instead "suspend" monitoring and feedback reporting while keeping existing data. See the [Suspending or Disabling Amazon GuardDuty documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_suspend-disable.html) for more information.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := guardduty.NewDetector(ctx, "myDetector", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetDetector

func GetDetector(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DetectorState, opts ...pulumi.ResourceOption) (*Detector, error)

GetDetector gets an existing Detector resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDetector

func NewDetector(ctx *pulumi.Context,
	name string, args *DetectorArgs, opts ...pulumi.ResourceOption) (*Detector, error)

NewDetector registers a new resource with the given unique name, arguments, and options.

type DetectorArgs

type DetectorArgs struct {
	// Enable monitoring and feedback reporting. Setting to `false` is equivalent to "suspending" GuardDuty. Defaults to `true`.
	Enable pulumi.BoolPtrInput
	// Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.
	FindingPublishingFrequency pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Detector resource.

func (DetectorArgs) ElementType

func (DetectorArgs) ElementType() reflect.Type

type DetectorState

type DetectorState struct {
	// The AWS account ID of the GuardDuty detector
	AccountId pulumi.StringPtrInput
	// Amazon Resource Name (ARN) of the GuardDuty detector
	Arn pulumi.StringPtrInput
	// Enable monitoring and feedback reporting. Setting to `false` is equivalent to "suspending" GuardDuty. Defaults to `true`.
	Enable pulumi.BoolPtrInput
	// Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.
	FindingPublishingFrequency pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

func (DetectorState) ElementType

func (DetectorState) ElementType() reflect.Type

type IPSet

type IPSet struct {
	pulumi.CustomResourceState

	// Specifies whether GuardDuty is to start using the uploaded IPSet.
	Activate pulumi.BoolOutput `pulumi:"activate"`
	// Amazon Resource Name (ARN) of the GuardDuty IPSet.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringOutput `pulumi:"format"`
	// The URI of the file that contains the IPSet.
	Location pulumi.StringOutput `pulumi:"location"`
	// The friendly name to identify the IPSet.
	Name pulumi.StringOutput `pulumi:"name"`
	// Key-value map of resource tags.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a resource to manage a GuardDuty IPSet.

> **Note:** Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the [GuardDuty API Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/create-ip-set.html)

## Example Usage

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := guardduty.NewDetector(ctx, "primary", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		bucket, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		myIPSet, err := s3.NewBucketObject(ctx, "myIPSet", &s3.BucketObjectArgs{
			Acl:     pulumi.String("public-read"),
			Content: pulumi.String("10.0.0.0/8\n"),
			Bucket:  bucket.ID(),
			Key:     pulumi.String("MyIPSet"),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewIPSet(ctx, "example", &guardduty.IPSetArgs{
			Activate:   pulumi.Bool(true),
			DetectorId: primary.ID(),
			Format:     pulumi.String("TXT"),
			Location: pulumi.All(myIPSet.Bucket, myIPSet.Key).ApplyT(func(_args []interface{}) (string, error) {
				bucket := _args[0].(string)
				key := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v", "https://s3.amazonaws.com/", bucket, "/", key), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetIPSet

func GetIPSet(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IPSetState, opts ...pulumi.ResourceOption) (*IPSet, error)

GetIPSet gets an existing IPSet resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIPSet

func NewIPSet(ctx *pulumi.Context,
	name string, args *IPSetArgs, opts ...pulumi.ResourceOption) (*IPSet, error)

NewIPSet registers a new resource with the given unique name, arguments, and options.

type IPSetArgs

type IPSetArgs struct {
	// Specifies whether GuardDuty is to start using the uploaded IPSet.
	Activate pulumi.BoolInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringInput
	// The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringInput
	// The URI of the file that contains the IPSet.
	Location pulumi.StringInput
	// The friendly name to identify the IPSet.
	Name pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a IPSet resource.

func (IPSetArgs) ElementType

func (IPSetArgs) ElementType() reflect.Type

type IPSetState

type IPSetState struct {
	// Specifies whether GuardDuty is to start using the uploaded IPSet.
	Activate pulumi.BoolPtrInput
	// Amazon Resource Name (ARN) of the GuardDuty IPSet.
	Arn pulumi.StringPtrInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringPtrInput
	// The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringPtrInput
	// The URI of the file that contains the IPSet.
	Location pulumi.StringPtrInput
	// The friendly name to identify the IPSet.
	Name pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

func (IPSetState) ElementType

func (IPSetState) ElementType() reflect.Type

type InviteAccepter

type InviteAccepter struct {
	pulumi.CustomResourceState

	// The detector ID of the member GuardDuty account.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// AWS account ID for primary account.
	MasterAccountId pulumi.StringOutput `pulumi:"masterAccountId"`
}

Provides a resource to accept a pending GuardDuty invite on creation, ensure the detector has the correct primary account on read, and disassociate with the primary account upon removal.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/providers"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := providers.Newaws(ctx, "primary", nil)
		if err != nil {
			return err
		}
		_, err = providers.Newaws(ctx, "member", nil)
		if err != nil {
			return err
		}
		primaryDetector, err := guardduty.NewDetector(ctx, "primaryDetector", nil, pulumi.Provider(aws.Primary))
		if err != nil {
			return err
		}
		memberDetector, err := guardduty.NewDetector(ctx, "memberDetector", nil, pulumi.Provider(aws.Member))
		if err != nil {
			return err
		}
		memberMember, err := guardduty.NewMember(ctx, "memberMember", &guardduty.MemberArgs{
			AccountId:  memberDetector.AccountId,
			DetectorId: primaryDetector.ID(),
			Email:      pulumi.String("required@example.com"),
			Invite:     pulumi.Bool(true),
		}, pulumi.Provider(aws.Primary))
		if err != nil {
			return err
		}
		_, err = guardduty.NewInviteAccepter(ctx, "memberInviteAccepter", &guardduty.InviteAccepterArgs{
			DetectorId:      memberDetector.ID(),
			MasterAccountId: primaryDetector.AccountId,
		}, pulumi.Provider(aws.Member), pulumi.DependsOn([]pulumi.Resource{
			memberMember,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetInviteAccepter

func GetInviteAccepter(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *InviteAccepterState, opts ...pulumi.ResourceOption) (*InviteAccepter, error)

GetInviteAccepter gets an existing InviteAccepter resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewInviteAccepter

func NewInviteAccepter(ctx *pulumi.Context,
	name string, args *InviteAccepterArgs, opts ...pulumi.ResourceOption) (*InviteAccepter, error)

NewInviteAccepter registers a new resource with the given unique name, arguments, and options.

type InviteAccepterArgs

type InviteAccepterArgs struct {
	// The detector ID of the member GuardDuty account.
	DetectorId pulumi.StringInput
	// AWS account ID for primary account.
	MasterAccountId pulumi.StringInput
}

The set of arguments for constructing a InviteAccepter resource.

func (InviteAccepterArgs) ElementType

func (InviteAccepterArgs) ElementType() reflect.Type

type InviteAccepterState

type InviteAccepterState struct {
	// The detector ID of the member GuardDuty account.
	DetectorId pulumi.StringPtrInput
	// AWS account ID for primary account.
	MasterAccountId pulumi.StringPtrInput
}

func (InviteAccepterState) ElementType

func (InviteAccepterState) ElementType() reflect.Type

type LookupDetectorArgs

type LookupDetectorArgs struct {
	// The ID of the detector.
	Id *string `pulumi:"id"`
}

A collection of arguments for invoking getDetector.

type LookupDetectorResult

type LookupDetectorResult struct {
	// The frequency of notifications sent about subsequent finding occurrences.
	FindingPublishingFrequency string  `pulumi:"findingPublishingFrequency"`
	Id                         *string `pulumi:"id"`
	// The service-linked role that grants GuardDuty access to the resources in the AWS account.
	ServiceRoleArn string `pulumi:"serviceRoleArn"`
	// The current status of the detector.
	Status string `pulumi:"status"`
}

A collection of values returned by getDetector.

func LookupDetector

func LookupDetector(ctx *pulumi.Context, args *LookupDetectorArgs, opts ...pulumi.InvokeOption) (*LookupDetectorResult, error)

Retrieve information about a GuardDuty detector.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := guardduty.LookupDetector(ctx, nil, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type Member

type Member struct {
	pulumi.CustomResourceState

	// AWS account ID for member account.
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// The detector ID of the GuardDuty account where you want to create member accounts.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// Boolean whether an email notification is sent to the accounts. Defaults to `false`.
	DisableEmailNotification pulumi.BoolPtrOutput `pulumi:"disableEmailNotification"`
	// Email address for member account.
	Email pulumi.StringOutput `pulumi:"email"`
	// Message for invitation.
	InvitationMessage pulumi.StringPtrOutput `pulumi:"invitationMessage"`
	// Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationshipStatus` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.
	Invite pulumi.BoolPtrOutput `pulumi:"invite"`
	// The status of the relationship between the member account and its primary account. More information can be found in [Amazon GuardDuty API Reference](https://docs.aws.amazon.com/guardduty/latest/ug/get-members.html).
	RelationshipStatus pulumi.StringOutput `pulumi:"relationshipStatus"`
}

Provides a resource to manage a GuardDuty member. To accept invitations in member accounts, see the `guardduty.InviteAccepter` resource.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := guardduty.NewDetector(ctx, "primary", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		memberDetector, err := guardduty.NewDetector(ctx, "memberDetector", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		}, pulumi.Provider(aws.Dev))
		if err != nil {
			return err
		}
		_, err = guardduty.NewMember(ctx, "memberMember", &guardduty.MemberArgs{
			AccountId:         memberDetector.AccountId,
			DetectorId:        primary.ID(),
			Email:             pulumi.String("required@example.com"),
			Invite:            pulumi.Bool(true),
			InvitationMessage: pulumi.String("please accept guardduty invitation"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetMember

func GetMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MemberState, opts ...pulumi.ResourceOption) (*Member, error)

GetMember gets an existing Member resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMember

func NewMember(ctx *pulumi.Context,
	name string, args *MemberArgs, opts ...pulumi.ResourceOption) (*Member, error)

NewMember registers a new resource with the given unique name, arguments, and options.

type MemberArgs

type MemberArgs struct {
	// AWS account ID for member account.
	AccountId pulumi.StringInput
	// The detector ID of the GuardDuty account where you want to create member accounts.
	DetectorId pulumi.StringInput
	// Boolean whether an email notification is sent to the accounts. Defaults to `false`.
	DisableEmailNotification pulumi.BoolPtrInput
	// Email address for member account.
	Email pulumi.StringInput
	// Message for invitation.
	InvitationMessage pulumi.StringPtrInput
	// Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationshipStatus` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.
	Invite pulumi.BoolPtrInput
}

The set of arguments for constructing a Member resource.

func (MemberArgs) ElementType

func (MemberArgs) ElementType() reflect.Type

type MemberState

type MemberState struct {
	// AWS account ID for member account.
	AccountId pulumi.StringPtrInput
	// The detector ID of the GuardDuty account where you want to create member accounts.
	DetectorId pulumi.StringPtrInput
	// Boolean whether an email notification is sent to the accounts. Defaults to `false`.
	DisableEmailNotification pulumi.BoolPtrInput
	// Email address for member account.
	Email pulumi.StringPtrInput
	// Message for invitation.
	InvitationMessage pulumi.StringPtrInput
	// Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationshipStatus` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.
	Invite pulumi.BoolPtrInput
	// The status of the relationship between the member account and its primary account. More information can be found in [Amazon GuardDuty API Reference](https://docs.aws.amazon.com/guardduty/latest/ug/get-members.html).
	RelationshipStatus pulumi.StringPtrInput
}

func (MemberState) ElementType

func (MemberState) ElementType() reflect.Type

type OrganizationAdminAccount

type OrganizationAdminAccount struct {
	pulumi.CustomResourceState

	// AWS account identifier to designate as a delegated administrator for GuardDuty.
	AdminAccountId pulumi.StringOutput `pulumi:"adminAccountId"`
}

Manages a GuardDuty Organization Admin Account. The AWS account utilizing this resource must be an Organizations primary account. More information about Organizations support in GuardDuty can be found in the [GuardDuty User Guide](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleOrganization, err := organizations.NewOrganization(ctx, "exampleOrganization", &organizations.OrganizationArgs{
			AwsServiceAccessPrincipals: pulumi.StringArray{
				pulumi.String("guardduty.amazonaws.com"),
			},
			FeatureSet: pulumi.String("ALL"),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewDetector(ctx, "exampleDetector", nil)
		if err != nil {
			return err
		}
		_, err = guardduty.NewOrganizationAdminAccount(ctx, "exampleOrganizationAdminAccount", &guardduty.OrganizationAdminAccountArgs{
			AdminAccountId: pulumi.String("123456789012"),
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleOrganization,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetOrganizationAdminAccount

func GetOrganizationAdminAccount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationAdminAccountState, opts ...pulumi.ResourceOption) (*OrganizationAdminAccount, error)

GetOrganizationAdminAccount gets an existing OrganizationAdminAccount resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationAdminAccount

func NewOrganizationAdminAccount(ctx *pulumi.Context,
	name string, args *OrganizationAdminAccountArgs, opts ...pulumi.ResourceOption) (*OrganizationAdminAccount, error)

NewOrganizationAdminAccount registers a new resource with the given unique name, arguments, and options.

type OrganizationAdminAccountArgs

type OrganizationAdminAccountArgs struct {
	// AWS account identifier to designate as a delegated administrator for GuardDuty.
	AdminAccountId pulumi.StringInput
}

The set of arguments for constructing a OrganizationAdminAccount resource.

func (OrganizationAdminAccountArgs) ElementType

type OrganizationAdminAccountState

type OrganizationAdminAccountState struct {
	// AWS account identifier to designate as a delegated administrator for GuardDuty.
	AdminAccountId pulumi.StringPtrInput
}

func (OrganizationAdminAccountState) ElementType

type OrganizationConfiguration

type OrganizationConfiguration struct {
	pulumi.CustomResourceState

	// When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
	AutoEnable pulumi.BoolOutput `pulumi:"autoEnable"`
	// The detector ID of the GuardDuty account.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
}

Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g. via the `guardduty.OrganizationAdminAccount` resource. More information about Organizations support in GuardDuty can be found in the [GuardDuty User Guide](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).

> **NOTE:** This is an advanced resource. The provider will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the resource configuration.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleDetector, err := guardduty.NewDetector(ctx, "exampleDetector", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewOrganizationConfiguration(ctx, "exampleOrganizationConfiguration", &guardduty.OrganizationConfigurationArgs{
			AutoEnable: pulumi.Bool(true),
			DetectorId: exampleDetector.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetOrganizationConfiguration

func GetOrganizationConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationConfigurationState, opts ...pulumi.ResourceOption) (*OrganizationConfiguration, error)

GetOrganizationConfiguration gets an existing OrganizationConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationConfiguration

func NewOrganizationConfiguration(ctx *pulumi.Context,
	name string, args *OrganizationConfigurationArgs, opts ...pulumi.ResourceOption) (*OrganizationConfiguration, error)

NewOrganizationConfiguration registers a new resource with the given unique name, arguments, and options.

type OrganizationConfigurationArgs

type OrganizationConfigurationArgs struct {
	// When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
	AutoEnable pulumi.BoolInput
	// The detector ID of the GuardDuty account.
	DetectorId pulumi.StringInput
}

The set of arguments for constructing a OrganizationConfiguration resource.

func (OrganizationConfigurationArgs) ElementType

type OrganizationConfigurationState

type OrganizationConfigurationState struct {
	// When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
	AutoEnable pulumi.BoolPtrInput
	// The detector ID of the GuardDuty account.
	DetectorId pulumi.StringPtrInput
}

func (OrganizationConfigurationState) ElementType

type ThreatIntelSet

type ThreatIntelSet struct {
	pulumi.CustomResourceState

	// Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
	Activate pulumi.BoolOutput `pulumi:"activate"`
	// Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringOutput `pulumi:"format"`
	// The URI of the file that contains the ThreatIntelSet.
	Location pulumi.StringOutput `pulumi:"location"`
	// The friendly name to identify the ThreatIntelSet.
	Name pulumi.StringOutput `pulumi:"name"`
	// Key-value map of resource tags.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a resource to manage a GuardDuty ThreatIntelSet.

> **Note:** Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the [GuardDuty API Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/create-threat-intel-set.html)

## Example Usage

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := guardduty.NewDetector(ctx, "primary", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		bucket, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		myThreatIntelSetBucketObject, err := s3.NewBucketObject(ctx, "myThreatIntelSetBucketObject", &s3.BucketObjectArgs{
			Acl:     pulumi.String("public-read"),
			Content: pulumi.String("10.0.0.0/8\n"),
			Bucket:  bucket.ID(),
			Key:     pulumi.String("MyThreatIntelSet"),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewThreatIntelSet(ctx, "myThreatIntelSetThreatIntelSet", &guardduty.ThreatIntelSetArgs{
			Activate:   pulumi.Bool(true),
			DetectorId: primary.ID(),
			Format:     pulumi.String("TXT"),
			Location: pulumi.All(myThreatIntelSetBucketObject.Bucket, myThreatIntelSetBucketObject.Key).ApplyT(func(_args []interface{}) (string, error) {
				bucket := _args[0].(string)
				key := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v", "https://s3.amazonaws.com/", bucket, "/", key), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetThreatIntelSet

func GetThreatIntelSet(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ThreatIntelSetState, opts ...pulumi.ResourceOption) (*ThreatIntelSet, error)

GetThreatIntelSet gets an existing ThreatIntelSet resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewThreatIntelSet

func NewThreatIntelSet(ctx *pulumi.Context,
	name string, args *ThreatIntelSetArgs, opts ...pulumi.ResourceOption) (*ThreatIntelSet, error)

NewThreatIntelSet registers a new resource with the given unique name, arguments, and options.

type ThreatIntelSetArgs

type ThreatIntelSetArgs struct {
	// Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
	Activate pulumi.BoolInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringInput
	// The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringInput
	// The URI of the file that contains the ThreatIntelSet.
	Location pulumi.StringInput
	// The friendly name to identify the ThreatIntelSet.
	Name pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a ThreatIntelSet resource.

func (ThreatIntelSetArgs) ElementType

func (ThreatIntelSetArgs) ElementType() reflect.Type

type ThreatIntelSetState

type ThreatIntelSetState struct {
	// Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
	Activate pulumi.BoolPtrInput
	// Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
	Arn pulumi.StringPtrInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringPtrInput
	// The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringPtrInput
	// The URI of the file that contains the ThreatIntelSet.
	Location pulumi.StringPtrInput
	// The friendly name to identify the ThreatIntelSet.
	Name pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

func (ThreatIntelSetState) ElementType

func (ThreatIntelSetState) ElementType() reflect.Type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL