guardduty

package
v3.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 5, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Detector 

type Detector struct {
	pulumi.CustomResourceState

	// The AWS account ID of the GuardDuty detector
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// Amazon Resource Name (ARN) of the GuardDuty detector
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Enable monitoring and feedback reporting. Setting to `false` is equivalent to "suspending" GuardDuty. Defaults to `true`.
	Enable pulumi.BoolPtrOutput `pulumi:"enable"`
	// Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.
	FindingPublishingFrequency pulumi.StringOutput `pulumi:"findingPublishingFrequency"`
	// Key-value map of resource tags.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a resource to manage a GuardDuty detector.

> **NOTE:** Deleting this resource is equivalent to "disabling" GuardDuty for an AWS region, which removes all existing findings. You can set the `enable` attribute to `false` to instead "suspend" monitoring and feedback reporting while keeping existing data. See the [Suspending or Disabling Amazon GuardDuty documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_suspend-disable.html) for more information.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := guardduty.NewDetector(ctx, "myDetector", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetDetector 

func GetDetector(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DetectorState, opts ...pulumi.ResourceOption) (*Detector, error)

GetDetector gets an existing Detector resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDetector 

func NewDetector(ctx *pulumi.Context,
	name string, args *DetectorArgs, opts ...pulumi.ResourceOption) (*Detector, error)

NewDetector registers a new resource with the given unique name, arguments, and options.

type DetectorArgs 

type DetectorArgs struct {
	// Enable monitoring and feedback reporting. Setting to `false` is equivalent to "suspending" GuardDuty. Defaults to `true`.
	Enable pulumi.BoolPtrInput
	// Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.
	FindingPublishingFrequency pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Detector resource.

func (DetectorArgs) ElementType 

func (DetectorArgs) ElementType() reflect.Type

type DetectorState 

type DetectorState struct {
	// The AWS account ID of the GuardDuty detector
	AccountId pulumi.StringPtrInput
	// Amazon Resource Name (ARN) of the GuardDuty detector
	Arn pulumi.StringPtrInput
	// Enable monitoring and feedback reporting. Setting to `false` is equivalent to "suspending" GuardDuty. Defaults to `true`.
	Enable pulumi.BoolPtrInput
	// Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.
	FindingPublishingFrequency pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

func (DetectorState) ElementType 

func (DetectorState) ElementType() reflect.Type

type Filter added in v3.3.0 

type Filter struct {
	pulumi.CustomResourceState

	// Specifies the action that is to be applied to the findings that match the filter. Can be one of `ARCHIVE` or `NOOP`.
	Action pulumi.StringOutput `pulumi:"action"`
	// The ARN of the GuardDuty filter.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Description of the filter.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// ID of a GuardDuty detector, attached to your account.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// Represents the criteria to be used in the filter for querying findings. Contains one or more `criterion` blocks, documented below.
	FindingCriteria FilterFindingCriteriaOutput `pulumi:"findingCriteria"`
	// The name of your filter.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
	Rank pulumi.IntOutput `pulumi:"rank"`
	// The tags that you want to add to the Filter resource. A tag consists of a key and a value.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a resource to manage a GuardDuty filter.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := guardduty.NewFilter(ctx, "myFilter", &guardduty.FilterArgs{
			Action:     pulumi.String("ARCHIVE"),
			DetectorId: pulumi.Any(aws_guardduty_detector.Example.Id),
			Rank:       pulumi.Int(1),
			FindingCriteria: &guardduty.FilterFindingCriteriaArgs{
				Criterions: guardduty.FilterFindingCriteriaCriterionArray{
					&guardduty.FilterFindingCriteriaCriterionArgs{
						Field: pulumi.String("region"),
						Equals: pulumi.StringArray{
							pulumi.String("eu-west-1"),
						},
					},
					&guardduty.FilterFindingCriteriaCriterionArgs{
						Field: pulumi.String("service.additionalInfo.threatListName"),
						NotEquals: pulumi.StringArray{
							pulumi.String("some-threat"),
							pulumi.String("another-threat"),
						},
					},
					&guardduty.FilterFindingCriteriaCriterionArgs{
						Field:       pulumi.String("updatedAt"),
						GreaterThan: pulumi.String("2020-01-01T00:00:00Z"),
						LessThan:    pulumi.String("2020-02-01T00:00:00Z"),
					},
					&guardduty.FilterFindingCriteriaCriterionArgs{
						Field:              pulumi.String("severity"),
						GreaterThanOrEqual: pulumi.String("4"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetFilter added in v3.3.0 

func GetFilter(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *FilterState, opts ...pulumi.ResourceOption) (*Filter, error)

GetFilter gets an existing Filter resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewFilter added in v3.3.0 

func NewFilter(ctx *pulumi.Context,
	name string, args *FilterArgs, opts ...pulumi.ResourceOption) (*Filter, error)

NewFilter registers a new resource with the given unique name, arguments, and options.

type FilterArgs added in v3.3.0 

type FilterArgs struct {
	// Specifies the action that is to be applied to the findings that match the filter. Can be one of `ARCHIVE` or `NOOP`.
	Action pulumi.StringInput
	// Description of the filter.
	Description pulumi.StringPtrInput
	// ID of a GuardDuty detector, attached to your account.
	DetectorId pulumi.StringInput
	// Represents the criteria to be used in the filter for querying findings. Contains one or more `criterion` blocks, documented below.
	FindingCriteria FilterFindingCriteriaInput
	// The name of your filter.
	Name pulumi.StringPtrInput
	// Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
	Rank pulumi.IntInput
	// The tags that you want to add to the Filter resource. A tag consists of a key and a value.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Filter resource.

func (FilterArgs) ElementType added in v3.3.0 

func (FilterArgs) ElementType() reflect.Type

type FilterFindingCriteria added in v3.3.0 

type FilterFindingCriteria struct {
	Criterions []FilterFindingCriteriaCriterion `pulumi:"criterions"`
}

type FilterFindingCriteriaArgs added in v3.3.0 

type FilterFindingCriteriaArgs struct {
	Criterions FilterFindingCriteriaCriterionArrayInput `pulumi:"criterions"`
}

func (FilterFindingCriteriaArgs) ElementType added in v3.3.0 

func (FilterFindingCriteriaArgs) ElementType() reflect.Type

func (FilterFindingCriteriaArgs) ToFilterFindingCriteriaOutput added in v3.3.0 

func (i FilterFindingCriteriaArgs) ToFilterFindingCriteriaOutput() FilterFindingCriteriaOutput

func (FilterFindingCriteriaArgs) ToFilterFindingCriteriaOutputWithContext added in v3.3.0 

func (i FilterFindingCriteriaArgs) ToFilterFindingCriteriaOutputWithContext(ctx context.Context) FilterFindingCriteriaOutput

func (FilterFindingCriteriaArgs) ToFilterFindingCriteriaPtrOutput added in v3.3.0 

func (i FilterFindingCriteriaArgs) ToFilterFindingCriteriaPtrOutput() FilterFindingCriteriaPtrOutput

func (FilterFindingCriteriaArgs) ToFilterFindingCriteriaPtrOutputWithContext added in v3.3.0 

func (i FilterFindingCriteriaArgs) ToFilterFindingCriteriaPtrOutputWithContext(ctx context.Context) FilterFindingCriteriaPtrOutput

type FilterFindingCriteriaCriterion added in v3.3.0 

type FilterFindingCriteriaCriterion struct {
	// List of string values to be evaluated.
	Equals []string `pulumi:"equals"`
	// The name of the field to be evaluated. The full list of field names can be found in [AWS documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria).
	Field string `pulumi:"field"`
	// A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).
	GreaterThan *string `pulumi:"greaterThan"`
	// A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).
	GreaterThanOrEqual *string `pulumi:"greaterThanOrEqual"`
	// A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).
	LessThan *string `pulumi:"lessThan"`
	// A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).
	LessThanOrEqual *string `pulumi:"lessThanOrEqual"`
	// List of string values to be evaluated.
	NotEquals []string `pulumi:"notEquals"`
}

type FilterFindingCriteriaCriterionArgs added in v3.3.0 

type FilterFindingCriteriaCriterionArgs struct {
	// List of string values to be evaluated.
	Equals pulumi.StringArrayInput `pulumi:"equals"`
	// The name of the field to be evaluated. The full list of field names can be found in [AWS documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria).
	Field pulumi.StringInput `pulumi:"field"`
	// A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).
	GreaterThan pulumi.StringPtrInput `pulumi:"greaterThan"`
	// A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).
	GreaterThanOrEqual pulumi.StringPtrInput `pulumi:"greaterThanOrEqual"`
	// A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).
	LessThan pulumi.StringPtrInput `pulumi:"lessThan"`
	// A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).
	LessThanOrEqual pulumi.StringPtrInput `pulumi:"lessThanOrEqual"`
	// List of string values to be evaluated.
	NotEquals pulumi.StringArrayInput `pulumi:"notEquals"`
}

func (FilterFindingCriteriaCriterionArgs) ElementType added in v3.3.0 

func (FilterFindingCriteriaCriterionArgs) ElementType() reflect.Type

func (FilterFindingCriteriaCriterionArgs) ToFilterFindingCriteriaCriterionOutput added in v3.3.0 

func (i FilterFindingCriteriaCriterionArgs) ToFilterFindingCriteriaCriterionOutput() FilterFindingCriteriaCriterionOutput

func (FilterFindingCriteriaCriterionArgs) ToFilterFindingCriteriaCriterionOutputWithContext added in v3.3.0 

func (i FilterFindingCriteriaCriterionArgs) ToFilterFindingCriteriaCriterionOutputWithContext(ctx context.Context) FilterFindingCriteriaCriterionOutput

type FilterFindingCriteriaCriterionArray added in v3.3.0 

type FilterFindingCriteriaCriterionArray []FilterFindingCriteriaCriterionInput

func (FilterFindingCriteriaCriterionArray) ElementType added in v3.3.0 

func (FilterFindingCriteriaCriterionArray) ElementType() reflect.Type

func (FilterFindingCriteriaCriterionArray) ToFilterFindingCriteriaCriterionArrayOutput added in v3.3.0 

func (i FilterFindingCriteriaCriterionArray) ToFilterFindingCriteriaCriterionArrayOutput() FilterFindingCriteriaCriterionArrayOutput

func (FilterFindingCriteriaCriterionArray) ToFilterFindingCriteriaCriterionArrayOutputWithContext added in v3.3.0 

func (i FilterFindingCriteriaCriterionArray) ToFilterFindingCriteriaCriterionArrayOutputWithContext(ctx context.Context) FilterFindingCriteriaCriterionArrayOutput

type FilterFindingCriteriaCriterionArrayInput added in v3.3.0 

type FilterFindingCriteriaCriterionArrayInput interface {
	pulumi.Input

	ToFilterFindingCriteriaCriterionArrayOutput() FilterFindingCriteriaCriterionArrayOutput
	ToFilterFindingCriteriaCriterionArrayOutputWithContext(context.Context) FilterFindingCriteriaCriterionArrayOutput
}

FilterFindingCriteriaCriterionArrayInput is an input type that accepts FilterFindingCriteriaCriterionArray and FilterFindingCriteriaCriterionArrayOutput values. You can construct a concrete instance of `FilterFindingCriteriaCriterionArrayInput` via: 

FilterFindingCriteriaCriterionArray{ FilterFindingCriteriaCriterionArgs{...} }

type FilterFindingCriteriaCriterionArrayOutput added in v3.3.0 

type FilterFindingCriteriaCriterionArrayOutput struct{ *pulumi.OutputState }

func (FilterFindingCriteriaCriterionArrayOutput) ElementType added in v3.3.0 

func (FilterFindingCriteriaCriterionArrayOutput) ElementType() reflect.Type

func (FilterFindingCriteriaCriterionArrayOutput) Index added in v3.3.0 

func (o FilterFindingCriteriaCriterionArrayOutput) Index(i pulumi.IntInput) FilterFindingCriteriaCriterionOutput

func (FilterFindingCriteriaCriterionArrayOutput) ToFilterFindingCriteriaCriterionArrayOutput added in v3.3.0 

func (o FilterFindingCriteriaCriterionArrayOutput) ToFilterFindingCriteriaCriterionArrayOutput() FilterFindingCriteriaCriterionArrayOutput

func (FilterFindingCriteriaCriterionArrayOutput) ToFilterFindingCriteriaCriterionArrayOutputWithContext added in v3.3.0 

func (o FilterFindingCriteriaCriterionArrayOutput) ToFilterFindingCriteriaCriterionArrayOutputWithContext(ctx context.Context) FilterFindingCriteriaCriterionArrayOutput

type FilterFindingCriteriaCriterionInput added in v3.3.0 

type FilterFindingCriteriaCriterionInput interface {
	pulumi.Input

	ToFilterFindingCriteriaCriterionOutput() FilterFindingCriteriaCriterionOutput
	ToFilterFindingCriteriaCriterionOutputWithContext(context.Context) FilterFindingCriteriaCriterionOutput
}

FilterFindingCriteriaCriterionInput is an input type that accepts FilterFindingCriteriaCriterionArgs and FilterFindingCriteriaCriterionOutput values. You can construct a concrete instance of `FilterFindingCriteriaCriterionInput` via: 

FilterFindingCriteriaCriterionArgs{...}

type FilterFindingCriteriaCriterionOutput added in v3.3.0 

type FilterFindingCriteriaCriterionOutput struct{ *pulumi.OutputState }

func (FilterFindingCriteriaCriterionOutput) ElementType added in v3.3.0 

func (FilterFindingCriteriaCriterionOutput) ElementType() reflect.Type

func (FilterFindingCriteriaCriterionOutput) Equals added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) Equals() pulumi.StringArrayOutput

List of string values to be evaluated.

func (FilterFindingCriteriaCriterionOutput) Field added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) Field() pulumi.StringOutput

The name of the field to be evaluated. The full list of field names can be found in [AWS documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria).

func (FilterFindingCriteriaCriterionOutput) GreaterThan added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) GreaterThan() pulumi.StringPtrOutput

A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).

func (FilterFindingCriteriaCriterionOutput) GreaterThanOrEqual added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) GreaterThanOrEqual() pulumi.StringPtrOutput

A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).

func (FilterFindingCriteriaCriterionOutput) LessThan added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) LessThan() pulumi.StringPtrOutput

A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).

func (FilterFindingCriteriaCriterionOutput) LessThanOrEqual added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) LessThanOrEqual() pulumi.StringPtrOutput

A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).

func (FilterFindingCriteriaCriterionOutput) NotEquals added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) NotEquals() pulumi.StringArrayOutput

List of string values to be evaluated.

func (FilterFindingCriteriaCriterionOutput) ToFilterFindingCriteriaCriterionOutput added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) ToFilterFindingCriteriaCriterionOutput() FilterFindingCriteriaCriterionOutput

func (FilterFindingCriteriaCriterionOutput) ToFilterFindingCriteriaCriterionOutputWithContext added in v3.3.0 

func (o FilterFindingCriteriaCriterionOutput) ToFilterFindingCriteriaCriterionOutputWithContext(ctx context.Context) FilterFindingCriteriaCriterionOutput

type FilterFindingCriteriaInput added in v3.3.0 

type FilterFindingCriteriaInput interface {
	pulumi.Input

	ToFilterFindingCriteriaOutput() FilterFindingCriteriaOutput
	ToFilterFindingCriteriaOutputWithContext(context.Context) FilterFindingCriteriaOutput
}

FilterFindingCriteriaInput is an input type that accepts FilterFindingCriteriaArgs and FilterFindingCriteriaOutput values. You can construct a concrete instance of `FilterFindingCriteriaInput` via: 

FilterFindingCriteriaArgs{...}

type FilterFindingCriteriaOutput added in v3.3.0 

type FilterFindingCriteriaOutput struct{ *pulumi.OutputState }

func (FilterFindingCriteriaOutput) Criterions added in v3.3.0 

func (o FilterFindingCriteriaOutput) Criterions() FilterFindingCriteriaCriterionArrayOutput

func (FilterFindingCriteriaOutput) ElementType added in v3.3.0 

func (FilterFindingCriteriaOutput) ElementType() reflect.Type

func (FilterFindingCriteriaOutput) ToFilterFindingCriteriaOutput added in v3.3.0 

func (o FilterFindingCriteriaOutput) ToFilterFindingCriteriaOutput() FilterFindingCriteriaOutput

func (FilterFindingCriteriaOutput) ToFilterFindingCriteriaOutputWithContext added in v3.3.0 

func (o FilterFindingCriteriaOutput) ToFilterFindingCriteriaOutputWithContext(ctx context.Context) FilterFindingCriteriaOutput

func (FilterFindingCriteriaOutput) ToFilterFindingCriteriaPtrOutput added in v3.3.0 

func (o FilterFindingCriteriaOutput) ToFilterFindingCriteriaPtrOutput() FilterFindingCriteriaPtrOutput

func (FilterFindingCriteriaOutput) ToFilterFindingCriteriaPtrOutputWithContext added in v3.3.0 

func (o FilterFindingCriteriaOutput) ToFilterFindingCriteriaPtrOutputWithContext(ctx context.Context) FilterFindingCriteriaPtrOutput

type FilterFindingCriteriaPtrInput added in v3.3.0 

type FilterFindingCriteriaPtrInput interface {
	pulumi.Input

	ToFilterFindingCriteriaPtrOutput() FilterFindingCriteriaPtrOutput
	ToFilterFindingCriteriaPtrOutputWithContext(context.Context) FilterFindingCriteriaPtrOutput
}

FilterFindingCriteriaPtrInput is an input type that accepts FilterFindingCriteriaArgs, FilterFindingCriteriaPtr and FilterFindingCriteriaPtrOutput values. You can construct a concrete instance of `FilterFindingCriteriaPtrInput` via: 

        FilterFindingCriteriaArgs{...}

or:

        nil

func FilterFindingCriteriaPtr added in v3.3.0 

func FilterFindingCriteriaPtr(v *FilterFindingCriteriaArgs) FilterFindingCriteriaPtrInput

type FilterFindingCriteriaPtrOutput added in v3.3.0 

type FilterFindingCriteriaPtrOutput struct{ *pulumi.OutputState }

func (FilterFindingCriteriaPtrOutput) Criterions added in v3.3.0 

func (o FilterFindingCriteriaPtrOutput) Criterions() FilterFindingCriteriaCriterionArrayOutput

func (FilterFindingCriteriaPtrOutput) Elem added in v3.3.0 

func (o FilterFindingCriteriaPtrOutput) Elem() FilterFindingCriteriaOutput

func (FilterFindingCriteriaPtrOutput) ElementType added in v3.3.0 

func (FilterFindingCriteriaPtrOutput) ElementType() reflect.Type

func (FilterFindingCriteriaPtrOutput) ToFilterFindingCriteriaPtrOutput added in v3.3.0 

func (o FilterFindingCriteriaPtrOutput) ToFilterFindingCriteriaPtrOutput() FilterFindingCriteriaPtrOutput

func (FilterFindingCriteriaPtrOutput) ToFilterFindingCriteriaPtrOutputWithContext added in v3.3.0 

func (o FilterFindingCriteriaPtrOutput) ToFilterFindingCriteriaPtrOutputWithContext(ctx context.Context) FilterFindingCriteriaPtrOutput

type FilterState added in v3.3.0 

type FilterState struct {
	// Specifies the action that is to be applied to the findings that match the filter. Can be one of `ARCHIVE` or `NOOP`.
	Action pulumi.StringPtrInput
	// The ARN of the GuardDuty filter.
	Arn pulumi.StringPtrInput
	// Description of the filter.
	Description pulumi.StringPtrInput
	// ID of a GuardDuty detector, attached to your account.
	DetectorId pulumi.StringPtrInput
	// Represents the criteria to be used in the filter for querying findings. Contains one or more `criterion` blocks, documented below.
	FindingCriteria FilterFindingCriteriaPtrInput
	// The name of your filter.
	Name pulumi.StringPtrInput
	// Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
	Rank pulumi.IntPtrInput
	// The tags that you want to add to the Filter resource. A tag consists of a key and a value.
	Tags pulumi.StringMapInput
}

func (FilterState) ElementType added in v3.3.0 

func (FilterState) ElementType() reflect.Type

type IPSet 

type IPSet struct {
	pulumi.CustomResourceState

	// Specifies whether GuardDuty is to start using the uploaded IPSet.
	Activate pulumi.BoolOutput `pulumi:"activate"`
	// Amazon Resource Name (ARN) of the GuardDuty IPSet.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringOutput `pulumi:"format"`
	// The URI of the file that contains the IPSet.
	Location pulumi.StringOutput `pulumi:"location"`
	// The friendly name to identify the IPSet.
	Name pulumi.StringOutput `pulumi:"name"`
	// Key-value map of resource tags.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a resource to manage a GuardDuty IPSet.

> **Note:** Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the [GuardDuty API Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/create-ip-set.html)

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := guardduty.NewDetector(ctx, "primary", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		bucket, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		myIPSet, err := s3.NewBucketObject(ctx, "myIPSet", &s3.BucketObjectArgs{
			Acl:     pulumi.String("public-read"),
			Content: pulumi.String("10.0.0.0/8\n"),
			Bucket:  bucket.ID(),
			Key:     pulumi.String("MyIPSet"),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewIPSet(ctx, "example", &guardduty.IPSetArgs{
			Activate:   pulumi.Bool(true),
			DetectorId: primary.ID(),
			Format:     pulumi.String("TXT"),
			Location: pulumi.All(myIPSet.Bucket, myIPSet.Key).ApplyT(func(_args []interface{}) (string, error) {
				bucket := _args[0].(string)
				key := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v", "https://s3.amazonaws.com/", bucket, "/", key), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetIPSet 

func GetIPSet(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IPSetState, opts ...pulumi.ResourceOption) (*IPSet, error)

GetIPSet gets an existing IPSet resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIPSet 

func NewIPSet(ctx *pulumi.Context,
	name string, args *IPSetArgs, opts ...pulumi.ResourceOption) (*IPSet, error)

NewIPSet registers a new resource with the given unique name, arguments, and options.

type IPSetArgs 

type IPSetArgs struct {
	// Specifies whether GuardDuty is to start using the uploaded IPSet.
	Activate pulumi.BoolInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringInput
	// The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringInput
	// The URI of the file that contains the IPSet.
	Location pulumi.StringInput
	// The friendly name to identify the IPSet.
	Name pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a IPSet resource.

func (IPSetArgs) ElementType 

func (IPSetArgs) ElementType() reflect.Type

type IPSetState 

type IPSetState struct {
	// Specifies whether GuardDuty is to start using the uploaded IPSet.
	Activate pulumi.BoolPtrInput
	// Amazon Resource Name (ARN) of the GuardDuty IPSet.
	Arn pulumi.StringPtrInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringPtrInput
	// The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringPtrInput
	// The URI of the file that contains the IPSet.
	Location pulumi.StringPtrInput
	// The friendly name to identify the IPSet.
	Name pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

func (IPSetState) ElementType 

func (IPSetState) ElementType() reflect.Type

type InviteAccepter 

type InviteAccepter struct {
	pulumi.CustomResourceState

	// The detector ID of the member GuardDuty account.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// AWS account ID for primary account.
	MasterAccountId pulumi.StringOutput `pulumi:"masterAccountId"`
}

Provides a resource to accept a pending GuardDuty invite on creation, ensure the detector has the correct primary account on read, and disassociate with the primary account upon removal.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/providers"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := providers.Newaws(ctx, "primary", nil)
		if err != nil {
			return err
		}
		_, err = providers.Newaws(ctx, "member", nil)
		if err != nil {
			return err
		}
		primaryDetector, err := guardduty.NewDetector(ctx, "primaryDetector", nil, pulumi.Provider(aws.Primary))
		if err != nil {
			return err
		}
		memberDetector, err := guardduty.NewDetector(ctx, "memberDetector", nil, pulumi.Provider(aws.Member))
		if err != nil {
			return err
		}
		memberMember, err := guardduty.NewMember(ctx, "memberMember", &guardduty.MemberArgs{
			AccountId:  memberDetector.AccountId,
			DetectorId: primaryDetector.ID(),
			Email:      pulumi.String("required@example.com"),
			Invite:     pulumi.Bool(true),
		}, pulumi.Provider(aws.Primary))
		if err != nil {
			return err
		}
		_, err = guardduty.NewInviteAccepter(ctx, "memberInviteAccepter", &guardduty.InviteAccepterArgs{
			DetectorId:      memberDetector.ID(),
			MasterAccountId: primaryDetector.AccountId,
		}, pulumi.Provider(aws.Member), pulumi.DependsOn([]pulumi.Resource{
			memberMember,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetInviteAccepter 

func GetInviteAccepter(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *InviteAccepterState, opts ...pulumi.ResourceOption) (*InviteAccepter, error)

GetInviteAccepter gets an existing InviteAccepter resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewInviteAccepter 

func NewInviteAccepter(ctx *pulumi.Context,
	name string, args *InviteAccepterArgs, opts ...pulumi.ResourceOption) (*InviteAccepter, error)

NewInviteAccepter registers a new resource with the given unique name, arguments, and options.

type InviteAccepterArgs 

type InviteAccepterArgs struct {
	// The detector ID of the member GuardDuty account.
	DetectorId pulumi.StringInput
	// AWS account ID for primary account.
	MasterAccountId pulumi.StringInput
}

The set of arguments for constructing a InviteAccepter resource.

func (InviteAccepterArgs) ElementType 

func (InviteAccepterArgs) ElementType() reflect.Type

type InviteAccepterState 

type InviteAccepterState struct {
	// The detector ID of the member GuardDuty account.
	DetectorId pulumi.StringPtrInput
	// AWS account ID for primary account.
	MasterAccountId pulumi.StringPtrInput
}

func (InviteAccepterState) ElementType 

func (InviteAccepterState) ElementType() reflect.Type

type LookupDetectorArgs 

type LookupDetectorArgs struct {
	// The ID of the detector.
	Id *string `pulumi:"id"`
}

A collection of arguments for invoking getDetector.

type LookupDetectorResult 

type LookupDetectorResult struct {
	// The frequency of notifications sent about subsequent finding occurrences.
	FindingPublishingFrequency string  `pulumi:"findingPublishingFrequency"`
	Id                         *string `pulumi:"id"`
	// The service-linked role that grants GuardDuty access to the resources in the AWS account.
	ServiceRoleArn string `pulumi:"serviceRoleArn"`
	// The current status of the detector.
	Status string `pulumi:"status"`
}

A collection of values returned by getDetector.

func LookupDetector 

func LookupDetector(ctx *pulumi.Context, args *LookupDetectorArgs, opts ...pulumi.InvokeOption) (*LookupDetectorResult, error)

Retrieve information about a GuardDuty detector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := guardduty.LookupDetector(ctx, nil, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type Member 

type Member struct {
	pulumi.CustomResourceState

	// AWS account ID for member account.
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// The detector ID of the GuardDuty account where you want to create member accounts.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// Boolean whether an email notification is sent to the accounts. Defaults to `false`.
	DisableEmailNotification pulumi.BoolPtrOutput `pulumi:"disableEmailNotification"`
	// Email address for member account.
	Email pulumi.StringOutput `pulumi:"email"`
	// Message for invitation.
	InvitationMessage pulumi.StringPtrOutput `pulumi:"invitationMessage"`
	// Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationshipStatus` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.
	Invite pulumi.BoolPtrOutput `pulumi:"invite"`
	// The status of the relationship between the member account and its primary account. More information can be found in [Amazon GuardDuty API Reference](https://docs.aws.amazon.com/guardduty/latest/ug/get-members.html).
	RelationshipStatus pulumi.StringOutput `pulumi:"relationshipStatus"`
}

Provides a resource to manage a GuardDuty member. To accept invitations in member accounts, see the `guardduty.InviteAccepter` resource.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := guardduty.NewDetector(ctx, "primary", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		memberDetector, err := guardduty.NewDetector(ctx, "memberDetector", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		}, pulumi.Provider(aws.Dev))
		if err != nil {
			return err
		}
		_, err = guardduty.NewMember(ctx, "memberMember", &guardduty.MemberArgs{
			AccountId:         memberDetector.AccountId,
			DetectorId:        primary.ID(),
			Email:             pulumi.String("required@example.com"),
			Invite:            pulumi.Bool(true),
			InvitationMessage: pulumi.String("please accept guardduty invitation"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetMember 

func GetMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MemberState, opts ...pulumi.ResourceOption) (*Member, error)

GetMember gets an existing Member resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMember 

func NewMember(ctx *pulumi.Context,
	name string, args *MemberArgs, opts ...pulumi.ResourceOption) (*Member, error)

NewMember registers a new resource with the given unique name, arguments, and options.

type MemberArgs 

type MemberArgs struct {
	// AWS account ID for member account.
	AccountId pulumi.StringInput
	// The detector ID of the GuardDuty account where you want to create member accounts.
	DetectorId pulumi.StringInput
	// Boolean whether an email notification is sent to the accounts. Defaults to `false`.
	DisableEmailNotification pulumi.BoolPtrInput
	// Email address for member account.
	Email pulumi.StringInput
	// Message for invitation.
	InvitationMessage pulumi.StringPtrInput
	// Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationshipStatus` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.
	Invite pulumi.BoolPtrInput
}

The set of arguments for constructing a Member resource.

func (MemberArgs) ElementType 

func (MemberArgs) ElementType() reflect.Type

type MemberState 

type MemberState struct {
	// AWS account ID for member account.
	AccountId pulumi.StringPtrInput
	// The detector ID of the GuardDuty account where you want to create member accounts.
	DetectorId pulumi.StringPtrInput
	// Boolean whether an email notification is sent to the accounts. Defaults to `false`.
	DisableEmailNotification pulumi.BoolPtrInput
	// Email address for member account.
	Email pulumi.StringPtrInput
	// Message for invitation.
	InvitationMessage pulumi.StringPtrInput
	// Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationshipStatus` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.
	Invite pulumi.BoolPtrInput
	// The status of the relationship between the member account and its primary account. More information can be found in [Amazon GuardDuty API Reference](https://docs.aws.amazon.com/guardduty/latest/ug/get-members.html).
	RelationshipStatus pulumi.StringPtrInput
}

func (MemberState) ElementType 

func (MemberState) ElementType() reflect.Type

type OrganizationAdminAccount 

type OrganizationAdminAccount struct {
	pulumi.CustomResourceState

	// AWS account identifier to designate as a delegated administrator for GuardDuty.
	AdminAccountId pulumi.StringOutput `pulumi:"adminAccountId"`
}

Manages a GuardDuty Organization Admin Account. The AWS account utilizing this resource must be an Organizations primary account. More information about Organizations support in GuardDuty can be found in the [GuardDuty User Guide](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleOrganization, err := organizations.NewOrganization(ctx, "exampleOrganization", &organizations.OrganizationArgs{
			AwsServiceAccessPrincipals: pulumi.StringArray{
				pulumi.String("guardduty.amazonaws.com"),
			},
			FeatureSet: pulumi.String("ALL"),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewDetector(ctx, "exampleDetector", nil)
		if err != nil {
			return err
		}
		_, err = guardduty.NewOrganizationAdminAccount(ctx, "exampleOrganizationAdminAccount", &guardduty.OrganizationAdminAccountArgs{
			AdminAccountId: pulumi.String("123456789012"),
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleOrganization,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetOrganizationAdminAccount 

func GetOrganizationAdminAccount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationAdminAccountState, opts ...pulumi.ResourceOption) (*OrganizationAdminAccount, error)

GetOrganizationAdminAccount gets an existing OrganizationAdminAccount resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationAdminAccount 

func NewOrganizationAdminAccount(ctx *pulumi.Context,
	name string, args *OrganizationAdminAccountArgs, opts ...pulumi.ResourceOption) (*OrganizationAdminAccount, error)

NewOrganizationAdminAccount registers a new resource with the given unique name, arguments, and options.

type OrganizationAdminAccountArgs 

type OrganizationAdminAccountArgs struct {
	// AWS account identifier to designate as a delegated administrator for GuardDuty.
	AdminAccountId pulumi.StringInput
}

The set of arguments for constructing a OrganizationAdminAccount resource.

func (OrganizationAdminAccountArgs) ElementType 

func (OrganizationAdminAccountArgs) ElementType() reflect.Type

type OrganizationAdminAccountState 

type OrganizationAdminAccountState struct {
	// AWS account identifier to designate as a delegated administrator for GuardDuty.
	AdminAccountId pulumi.StringPtrInput
}

func (OrganizationAdminAccountState) ElementType 

func (OrganizationAdminAccountState) ElementType() reflect.Type

type OrganizationConfiguration 

type OrganizationConfiguration struct {
	pulumi.CustomResourceState

	// When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
	AutoEnable pulumi.BoolOutput `pulumi:"autoEnable"`
	// The detector ID of the GuardDuty account.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
}

Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g. via the `guardduty.OrganizationAdminAccount` resource. More information about Organizations support in GuardDuty can be found in the [GuardDuty User Guide](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).

> **NOTE:** This is an advanced resource. The provider will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the resource configuration.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleDetector, err := guardduty.NewDetector(ctx, "exampleDetector", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewOrganizationConfiguration(ctx, "exampleOrganizationConfiguration", &guardduty.OrganizationConfigurationArgs{
			AutoEnable: pulumi.Bool(true),
			DetectorId: exampleDetector.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetOrganizationConfiguration 

func GetOrganizationConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationConfigurationState, opts ...pulumi.ResourceOption) (*OrganizationConfiguration, error)

GetOrganizationConfiguration gets an existing OrganizationConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationConfiguration 

func NewOrganizationConfiguration(ctx *pulumi.Context,
	name string, args *OrganizationConfigurationArgs, opts ...pulumi.ResourceOption) (*OrganizationConfiguration, error)

NewOrganizationConfiguration registers a new resource with the given unique name, arguments, and options.

type OrganizationConfigurationArgs 

type OrganizationConfigurationArgs struct {
	// When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
	AutoEnable pulumi.BoolInput
	// The detector ID of the GuardDuty account.
	DetectorId pulumi.StringInput
}

The set of arguments for constructing a OrganizationConfiguration resource.

func (OrganizationConfigurationArgs) ElementType 

func (OrganizationConfigurationArgs) ElementType() reflect.Type

type OrganizationConfigurationState 

type OrganizationConfigurationState struct {
	// When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.
	AutoEnable pulumi.BoolPtrInput
	// The detector ID of the GuardDuty account.
	DetectorId pulumi.StringPtrInput
}

func (OrganizationConfigurationState) ElementType 

func (OrganizationConfigurationState) ElementType() reflect.Type

type PublishingDestination added in v3.3.0 

type PublishingDestination struct {
	pulumi.CustomResourceState

	// The bucket arn and prefix under which the findings get exported. Bucket-ARN is required, the prefix is optional and will be `AWSLogs/[Account-ID]/GuardDuty/[Region]/` if not provided
	DestinationArn pulumi.StringOutput `pulumi:"destinationArn"`
	// Currently there is only "S3" available as destination type which is also the default value
	DestinationType pulumi.StringPtrOutput `pulumi:"destinationType"`
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// The ARN of the KMS key used to encrypt GuardDuty findings. GuardDuty enforces this to be encrypted.
	KmsKeyArn pulumi.StringOutput `pulumi:"kmsKeyArn"`
}

Provides a resource to manage a GuardDuty PublishingDestination. Requires an existing GuardDuty Detector.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		currentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)
		if err != nil {
			return err
		}
		currentRegion, err := aws.GetRegion(ctx, nil, nil)
		if err != nil {
			return err
		}
		gdBucket, err := s3.NewBucket(ctx, "gdBucket", &s3.BucketArgs{
			Acl:          pulumi.String("private"),
			ForceDestroy: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		kmsPol, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				iam.GetPolicyDocumentStatement{
					Sid: "Allow GuardDuty to encrypt findings",
					Actions: []string{
						"kms:GenerateDataKey",
					},
					Resources: []string{
						fmt.Sprintf("%v%v%v%v%v", "arn:aws:kms:", currentRegion.Name, ":", currentCallerIdentity.AccountId, ":key/*"),
					},
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						iam.GetPolicyDocumentStatementPrincipal{
							Type: "Service",
							Identifiers: []string{
								"guardduty.amazonaws.com",
							},
						},
					},
				},
				iam.GetPolicyDocumentStatement{
					Sid: "Allow all users to modify/delete key (test only)",
					Actions: []string{
						"kms:*",
					},
					Resources: []string{
						fmt.Sprintf("%v%v%v%v%v", "arn:aws:kms:", currentRegion.Name, ":", currentCallerIdentity.AccountId, ":key/*"),
					},
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						iam.GetPolicyDocumentStatementPrincipal{
							Type: "AWS",
							Identifiers: []string{
								fmt.Sprintf("%v%v%v", "arn:aws:iam::", currentCallerIdentity.AccountId, ":root"),
							},
						},
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		testGd, err := guardduty.NewDetector(ctx, "testGd", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		gdBucketPolicy, err := s3.NewBucketPolicy(ctx, "gdBucketPolicy", &s3.BucketPolicyArgs{
			Bucket: gdBucket.ID(),
			Policy: bucketPol.ApplyT(func(bucketPol iam.GetPolicyDocumentResult) (string, error) {
				return bucketPol.Json, nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		gdKey, err := kms.NewKey(ctx, "gdKey", &kms.KeyArgs{
			Description:          pulumi.String("Temporary key for AccTest of TF"),
			DeletionWindowInDays: pulumi.Int(7),
			Policy:               pulumi.String(kmsPol.Json),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewPublishingDestination(ctx, "test", &guardduty.PublishingDestinationArgs{
			DetectorId:     testGd.ID(),
			DestinationArn: gdBucket.Arn,
			KmsKeyArn:      gdKey.Arn,
		}, pulumi.DependsOn([]pulumi.Resource{
			gdBucketPolicy,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

> **Note:** Please do not use this simple example for Bucket-Policy and KMS Key Policy in a production environment. It is much too open for such a use-case. Refer to the AWS documentation here: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html

func GetPublishingDestination added in v3.3.0 

func GetPublishingDestination(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PublishingDestinationState, opts ...pulumi.ResourceOption) (*PublishingDestination, error)

GetPublishingDestination gets an existing PublishingDestination resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPublishingDestination added in v3.3.0 

func NewPublishingDestination(ctx *pulumi.Context,
	name string, args *PublishingDestinationArgs, opts ...pulumi.ResourceOption) (*PublishingDestination, error)

NewPublishingDestination registers a new resource with the given unique name, arguments, and options.

type PublishingDestinationArgs added in v3.3.0 

type PublishingDestinationArgs struct {
	// The bucket arn and prefix under which the findings get exported. Bucket-ARN is required, the prefix is optional and will be `AWSLogs/[Account-ID]/GuardDuty/[Region]/` if not provided
	DestinationArn pulumi.StringInput
	// Currently there is only "S3" available as destination type which is also the default value
	DestinationType pulumi.StringPtrInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringInput
	// The ARN of the KMS key used to encrypt GuardDuty findings. GuardDuty enforces this to be encrypted.
	KmsKeyArn pulumi.StringInput
}

The set of arguments for constructing a PublishingDestination resource.

func (PublishingDestinationArgs) ElementType added in v3.3.0 

func (PublishingDestinationArgs) ElementType() reflect.Type

type PublishingDestinationState added in v3.3.0 

type PublishingDestinationState struct {
	// The bucket arn and prefix under which the findings get exported. Bucket-ARN is required, the prefix is optional and will be `AWSLogs/[Account-ID]/GuardDuty/[Region]/` if not provided
	DestinationArn pulumi.StringPtrInput
	// Currently there is only "S3" available as destination type which is also the default value
	DestinationType pulumi.StringPtrInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringPtrInput
	// The ARN of the KMS key used to encrypt GuardDuty findings. GuardDuty enforces this to be encrypted.
	KmsKeyArn pulumi.StringPtrInput
}

func (PublishingDestinationState) ElementType added in v3.3.0 

func (PublishingDestinationState) ElementType() reflect.Type

type ThreatIntelSet 

type ThreatIntelSet struct {
	pulumi.CustomResourceState

	// Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
	Activate pulumi.BoolOutput `pulumi:"activate"`
	// Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringOutput `pulumi:"detectorId"`
	// The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringOutput `pulumi:"format"`
	// The URI of the file that contains the ThreatIntelSet.
	Location pulumi.StringOutput `pulumi:"location"`
	// The friendly name to identify the ThreatIntelSet.
	Name pulumi.StringOutput `pulumi:"name"`
	// Key-value map of resource tags.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a resource to manage a GuardDuty ThreatIntelSet.

> **Note:** Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the [GuardDuty API Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/create-threat-intel-set.html)

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/guardduty"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := guardduty.NewDetector(ctx, "primary", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		bucket, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		myThreatIntelSetBucketObject, err := s3.NewBucketObject(ctx, "myThreatIntelSetBucketObject", &s3.BucketObjectArgs{
			Acl:     pulumi.String("public-read"),
			Content: pulumi.String("10.0.0.0/8\n"),
			Bucket:  bucket.ID(),
			Key:     pulumi.String("MyThreatIntelSet"),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewThreatIntelSet(ctx, "myThreatIntelSetThreatIntelSet", &guardduty.ThreatIntelSetArgs{
			Activate:   pulumi.Bool(true),
			DetectorId: primary.ID(),
			Format:     pulumi.String("TXT"),
			Location: pulumi.All(myThreatIntelSetBucketObject.Bucket, myThreatIntelSetBucketObject.Key).ApplyT(func(_args []interface{}) (string, error) {
				bucket := _args[0].(string)
				key := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v", "https://s3.amazonaws.com/", bucket, "/", key), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetThreatIntelSet 

func GetThreatIntelSet(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ThreatIntelSetState, opts ...pulumi.ResourceOption) (*ThreatIntelSet, error)

GetThreatIntelSet gets an existing ThreatIntelSet resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewThreatIntelSet 

func NewThreatIntelSet(ctx *pulumi.Context,
	name string, args *ThreatIntelSetArgs, opts ...pulumi.ResourceOption) (*ThreatIntelSet, error)

NewThreatIntelSet registers a new resource with the given unique name, arguments, and options.

type ThreatIntelSetArgs 

type ThreatIntelSetArgs struct {
	// Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
	Activate pulumi.BoolInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringInput
	// The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringInput
	// The URI of the file that contains the ThreatIntelSet.
	Location pulumi.StringInput
	// The friendly name to identify the ThreatIntelSet.
	Name pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a ThreatIntelSet resource.

func (ThreatIntelSetArgs) ElementType 

func (ThreatIntelSetArgs) ElementType() reflect.Type

type ThreatIntelSetState 

type ThreatIntelSetState struct {
	// Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
	Activate pulumi.BoolPtrInput
	// Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
	Arn pulumi.StringPtrInput
	// The detector ID of the GuardDuty.
	DetectorId pulumi.StringPtrInput
	// The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`
	Format pulumi.StringPtrInput
	// The URI of the file that contains the ThreatIntelSet.
	Location pulumi.StringPtrInput
	// The friendly name to identify the ThreatIntelSet.
	Name pulumi.StringPtrInput
	// Key-value map of resource tags.
	Tags pulumi.StringMapInput
}

func (ThreatIntelSetState) ElementType 

func (ThreatIntelSetState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.