aws.guardduty.Filter
Provides a resource to manage a GuardDuty filter.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var myFilter = new Aws.GuardDuty.Filter("myFilter", new()
{
Action = "ARCHIVE",
DetectorId = aws_guardduty_detector.Example.Id,
Rank = 1,
FindingCriteria = new Aws.GuardDuty.Inputs.FilterFindingCriteriaArgs
{
Criterions = new[]
{
new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
{
Field = "region",
Equals = new[]
{
"eu-west-1",
},
},
new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
{
Field = "service.additionalInfo.threatListName",
NotEquals = new[]
{
"some-threat",
"another-threat",
},
},
new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
{
Field = "updatedAt",
GreaterThan = "2020-01-01T00:00:00Z",
LessThan = "2020-02-01T00:00:00Z",
},
new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
{
Field = "severity",
GreaterThanOrEqual = "4",
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/guardduty"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := guardduty.NewFilter(ctx, "myFilter", &guardduty.FilterArgs{
Action: pulumi.String("ARCHIVE"),
DetectorId: pulumi.Any(aws_guardduty_detector.Example.Id),
Rank: pulumi.Int(1),
FindingCriteria: &guardduty.FilterFindingCriteriaArgs{
Criterions: guardduty.FilterFindingCriteriaCriterionArray{
&guardduty.FilterFindingCriteriaCriterionArgs{
Field: pulumi.String("region"),
Equals: pulumi.StringArray{
pulumi.String("eu-west-1"),
},
},
&guardduty.FilterFindingCriteriaCriterionArgs{
Field: pulumi.String("service.additionalInfo.threatListName"),
NotEquals: pulumi.StringArray{
pulumi.String("some-threat"),
pulumi.String("another-threat"),
},
},
&guardduty.FilterFindingCriteriaCriterionArgs{
Field: pulumi.String("updatedAt"),
GreaterThan: pulumi.String("2020-01-01T00:00:00Z"),
LessThan: pulumi.String("2020-02-01T00:00:00Z"),
},
&guardduty.FilterFindingCriteriaCriterionArgs{
Field: pulumi.String("severity"),
GreaterThanOrEqual: pulumi.String("4"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.guardduty.Filter;
import com.pulumi.aws.guardduty.FilterArgs;
import com.pulumi.aws.guardduty.inputs.FilterFindingCriteriaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myFilter = new Filter("myFilter", FilterArgs.builder()
.action("ARCHIVE")
.detectorId(aws_guardduty_detector.example().id())
.rank(1)
.findingCriteria(FilterFindingCriteriaArgs.builder()
.criterions(
FilterFindingCriteriaCriterionArgs.builder()
.field("region")
.equals("eu-west-1")
.build(),
FilterFindingCriteriaCriterionArgs.builder()
.field("service.additionalInfo.threatListName")
.notEquals(
"some-threat",
"another-threat")
.build(),
FilterFindingCriteriaCriterionArgs.builder()
.field("updatedAt")
.greaterThan("2020-01-01T00:00:00Z")
.lessThan("2020-02-01T00:00:00Z")
.build(),
FilterFindingCriteriaCriterionArgs.builder()
.field("severity")
.greaterThanOrEqual("4")
.build())
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
my_filter = aws.guardduty.Filter("myFilter",
action="ARCHIVE",
detector_id=aws_guardduty_detector["example"]["id"],
rank=1,
finding_criteria=aws.guardduty.FilterFindingCriteriaArgs(
criterions=[
aws.guardduty.FilterFindingCriteriaCriterionArgs(
field="region",
equals=["eu-west-1"],
),
aws.guardduty.FilterFindingCriteriaCriterionArgs(
field="service.additionalInfo.threatListName",
not_equals=[
"some-threat",
"another-threat",
],
),
aws.guardduty.FilterFindingCriteriaCriterionArgs(
field="updatedAt",
greater_than="2020-01-01T00:00:00Z",
less_than="2020-02-01T00:00:00Z",
),
aws.guardduty.FilterFindingCriteriaCriterionArgs(
field="severity",
greater_than_or_equal="4",
),
],
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myFilter = new aws.guardduty.Filter("myFilter", {
action: "ARCHIVE",
detectorId: aws_guardduty_detector.example.id,
rank: 1,
findingCriteria: {
criterions: [
{
field: "region",
equals: ["eu-west-1"],
},
{
field: "service.additionalInfo.threatListName",
notEquals: [
"some-threat",
"another-threat",
],
},
{
field: "updatedAt",
greaterThan: "2020-01-01T00:00:00Z",
lessThan: "2020-02-01T00:00:00Z",
},
{
field: "severity",
greaterThanOrEqual: "4",
},
],
},
});
resources:
myFilter:
type: aws:guardduty:Filter
properties:
action: ARCHIVE
detectorId: ${aws_guardduty_detector.example.id}
rank: 1
findingCriteria:
criterions:
- field: region
equals:
- eu-west-1
- field: service.additionalInfo.threatListName
notEquals:
- some-threat
- another-threat
- field: updatedAt
greaterThan: 2020-01-01T00:00:00Z
lessThan: 2020-02-01T00:00:00Z
- field: severity
greaterThanOrEqual: '4'
Create Filter Resource
new Filter(name: string, args: FilterArgs, opts?: CustomResourceOptions);@overload
def Filter(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
description: Optional[str] = None,
detector_id: Optional[str] = None,
finding_criteria: Optional[FilterFindingCriteriaArgs] = None,
name: Optional[str] = None,
rank: Optional[int] = None,
tags: Optional[Mapping[str, str]] = None)
@overload
def Filter(resource_name: str,
args: FilterArgs,
opts: Optional[ResourceOptions] = None)func NewFilter(ctx *Context, name string, args FilterArgs, opts ...ResourceOption) (*Filter, error)public Filter(string name, FilterArgs args, CustomResourceOptions? opts = null)
public Filter(String name, FilterArgs args)
public Filter(String name, FilterArgs args, CustomResourceOptions options)
type: aws:guardduty:Filter
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FilterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FilterArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FilterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FilterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FilterArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Filter Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Filter resource accepts the following input properties:
- Action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- Detector
Id string ID of a GuardDuty detector, attached to your account.
- Finding
Criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- Description string
Description of the filter.
- Name string
The name of your filter.
- Dictionary<string, string>
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- Detector
Id string ID of a GuardDuty detector, attached to your account.
- Finding
Criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- Description string
Description of the filter.
- Name string
The name of your filter.
- map[string]string
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- action String
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- detector
Id String ID of a GuardDuty detector, attached to your account.
- finding
Criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- rank Integer
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- description String
Description of the filter.
- name String
The name of your filter.
- Map<String,String>
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- detector
Id string ID of a GuardDuty detector, attached to your account.
- finding
Criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- rank number
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- description string
Description of the filter.
- name string
The name of your filter.
- {[key: string]: string}
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- action str
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- detector_
id str ID of a GuardDuty detector, attached to your account.
- finding_
criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- description str
Description of the filter.
- name str
The name of your filter.
- Mapping[str, str]
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- action String
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- detector
Id String ID of a GuardDuty detector, attached to your account.
- finding
Criteria Property Map Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- rank Number
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- description String
Description of the filter.
- name String
The name of your filter.
- Map<String>
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the Filter resource produces the following output properties:
Look up Existing Filter Resource
Get an existing Filter resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FilterState, opts?: CustomResourceOptions): Filter@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
arn: Optional[str] = None,
description: Optional[str] = None,
detector_id: Optional[str] = None,
finding_criteria: Optional[FilterFindingCriteriaArgs] = None,
name: Optional[str] = None,
rank: Optional[int] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> Filterfunc GetFilter(ctx *Context, name string, id IDInput, state *FilterState, opts ...ResourceOption) (*Filter, error)public static Filter Get(string name, Input<string> id, FilterState? state, CustomResourceOptions? opts = null)public static Filter get(String name, Output<String> id, FilterState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- Arn string
The ARN of the GuardDuty filter.
- Description string
Description of the filter.
- Detector
Id string ID of a GuardDuty detector, attached to your account.
- Finding
Criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- Name string
The name of your filter.
- Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- Dictionary<string, string>
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- Arn string
The ARN of the GuardDuty filter.
- Description string
Description of the filter.
- Detector
Id string ID of a GuardDuty detector, attached to your account.
- Finding
Criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- Name string
The name of your filter.
- Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- map[string]string
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- action String
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- arn String
The ARN of the GuardDuty filter.
- description String
Description of the filter.
- detector
Id String ID of a GuardDuty detector, attached to your account.
- finding
Criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- name String
The name of your filter.
- rank Integer
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- Map<String,String>
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- arn string
The ARN of the GuardDuty filter.
- description string
Description of the filter.
- detector
Id string ID of a GuardDuty detector, attached to your account.
- finding
Criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- name string
The name of your filter.
- rank number
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- {[key: string]: string}
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- action str
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- arn str
The ARN of the GuardDuty filter.
- description str
Description of the filter.
- detector_
id str ID of a GuardDuty detector, attached to your account.
- finding_
criteria FilterFinding Criteria Args Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- name str
The name of your filter.
- rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- Mapping[str, str]
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- action String
Specifies the action that is to be applied to the findings that match the filter. Can be one of
ARCHIVEorNOOP.- arn String
The ARN of the GuardDuty filter.
- description String
Description of the filter.
- detector
Id String ID of a GuardDuty detector, attached to your account.
- finding
Criteria Property Map Represents the criteria to be used in the filter for querying findings. Contains one or more
criterionblocks, documented below.- name String
The name of your filter.
- rank Number
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- Map<String>
The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Supporting Types
FilterFindingCriteria
FilterFindingCriteriaCriterion
- Field string
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
- Equals List<string>
List of string values to be evaluated.
- Greater
Than string A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- Greater
Than stringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- Less
Than string A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- Less
Than stringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- Not
Equals List<string> List of string values to be evaluated.
- Field string
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
- Equals []string
List of string values to be evaluated.
- Greater
Than string A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- Greater
Than stringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- Less
Than string A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- Less
Than stringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- Not
Equals []string List of string values to be evaluated.
- field String
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
- equals_ List<String>
List of string values to be evaluated.
- greater
Than String A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- greater
Than StringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- less
Than String A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- less
Than StringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- not
Equals List<String> List of string values to be evaluated.
- field string
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
- equals string[]
List of string values to be evaluated.
- greater
Than string A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- greater
Than stringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- less
Than string A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- less
Than stringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- not
Equals string[] List of string values to be evaluated.
- field str
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
- equals Sequence[str]
List of string values to be evaluated.
- greater_
than str A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- greater_
than_ stror_ equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- less_
than str A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- less_
than_ stror_ equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- not_
equals Sequence[str] List of string values to be evaluated.
- field String
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
- equals List<String>
List of string values to be evaluated.
- greater
Than String A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- greater
Than StringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- less
Than String A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- less
Than StringOr Equal A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
- not
Equals List<String> List of string values to be evaluated.
Import
GuardDuty filters can be imported using the detector ID and filter’s name separated by a colon, e.g.,
$ pulumi import aws:guardduty/filter:Filter MyFilter 00b00fd5aecc0ab60a708659477e9617:MyFilter
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
awsTerraform Provider.