AWS Classic

v4.30.0 published on Tuesday, Nov 30, 2021 by Pulumi

Filter

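Provides a resource to manage a GuardDuty filter. A filter whose action is ARCHIVE works as a suppression rule: findings that match its criteria are archived automatically, and AWS documents that suppressed findings are not forwarded to Security Hub, EventBridge, S3 or Detective. Keep the criteria of such a filter as narrow as the use case allows, and review them whenever they change.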

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

// Pulumi stack that declares a single GuardDuty filter named "myFilter".
//
// The filter's action is ARCHIVE, so findings that match its criteria are
// archived (suppressed) rather than left among the active findings. Scope the
// criteria of such a filter narrowly; the values below are sample values.
class MyStack : Stack
{
    public MyStack()
    {
        // Criterion 1: the finding's region is eu-west-1.
        var regionIs = new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
        {
            Field = "region",
            Equals = { "eu-west-1" },
        };

        // Criterion 2: the threat list name is neither of the two listed.
        var notOnThreatLists = new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
        {
            Field = "service.additionalInfo.threatListName",
            NotEquals = { "some-threat", "another-threat" },
        };

        // Criterion 3: updatedAt lies strictly between the two RFC 3339 dates.
        var updatedInWindow = new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
        {
            Field = "updatedAt",
            GreaterThan = "2020-01-01T00:00:00Z",
            LessThan = "2020-02-01T00:00:00Z",
        };

        // Criterion 4: severity of 4 or more. GuardDuty's Medium range starts
        // at 4, so this filter archives Medium and higher findings.
        var severityAtLeast = new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs
        {
            Field = "severity",
            GreaterThanOrEqual = "4",
        };

        var criteria = new Aws.GuardDuty.Inputs.FilterFindingCriteriaArgs
        {
            Criterions = { regionIs, notOnThreatLists, updatedInWindow, severityAtLeast },
        };

        // aws_guardduty_detector.Example is not declared in this listing;
        // presumably it stands for a detector defined elsewhere in the program.
        var archiveFilter = new Aws.GuardDuty.Filter("myFilter", new Aws.GuardDuty.FilterArgs
        {
            Action = "ARCHIVE",
            DetectorId = aws_guardduty_detector.Example.Id,
            Rank = 1,
            FindingCriteria = criteria,
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a GuardDuty filter named "myFilter" with the Pulumi engine.
//
// The filter's action is ARCHIVE, so findings that match its criteria are
// archived (suppressed) rather than left among the active findings. Scope the
// criteria of such a filter narrowly; the values below are sample values.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		criteria := guardduty.FilterFindingCriteriaCriterionArray{
			// The finding's region is eu-west-1.
			&guardduty.FilterFindingCriteriaCriterionArgs{
				Field:  pulumi.String("region"),
				Equals: pulumi.StringArray{pulumi.String("eu-west-1")},
			},
			// The threat list name is neither of the two listed.
			&guardduty.FilterFindingCriteriaCriterionArgs{
				Field: pulumi.String("service.additionalInfo.threatListName"),
				NotEquals: pulumi.StringArray{
					pulumi.String("some-threat"),
					pulumi.String("another-threat"),
				},
			},
			// updatedAt lies strictly between the two RFC 3339 dates.
			&guardduty.FilterFindingCriteriaCriterionArgs{
				Field:       pulumi.String("updatedAt"),
				GreaterThan: pulumi.String("2020-01-01T00:00:00Z"),
				LessThan:    pulumi.String("2020-02-01T00:00:00Z"),
			},
			// Severity of 4 or more. GuardDuty's Medium range starts at 4, so
			// this filter archives Medium and higher findings.
			&guardduty.FilterFindingCriteriaCriterionArgs{
				Field:              pulumi.String("severity"),
				GreaterThanOrEqual: pulumi.String("4"),
			},
		}

		// aws_guardduty_detector.Example is not declared in this listing;
		// presumably it stands for a detector defined elsewhere in the program.
		_, err := guardduty.NewFilter(ctx, "myFilter", &guardduty.FilterArgs{
			Action:     pulumi.String("ARCHIVE"),
			DetectorId: pulumi.Any(aws_guardduty_detector.Example.Id),
			Rank:       pulumi.Int(1),
			FindingCriteria: &guardduty.FilterFindingCriteriaArgs{
				Criterions: criteria,
			},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
import pulumi
import pulumi_aws as aws

# Criteria that select the findings the filter applies to.
criteria = [
    # The finding's region is eu-west-1.
    aws.guardduty.FilterFindingCriteriaCriterionArgs(
        field="region",
        equals=["eu-west-1"],
    ),
    # The threat list name is neither of the two listed.
    aws.guardduty.FilterFindingCriteriaCriterionArgs(
        field="service.additionalInfo.threatListName",
        not_equals=["some-threat", "another-threat"],
    ),
    # updatedAt lies strictly between the two RFC 3339 dates.
    aws.guardduty.FilterFindingCriteriaCriterionArgs(
        field="updatedAt",
        greater_than="2020-01-01T00:00:00Z",
        less_than="2020-02-01T00:00:00Z",
    ),
    # Severity of 4 or more. GuardDuty's Medium range starts at 4, so this
    # filter archives Medium and higher findings.
    aws.guardduty.FilterFindingCriteriaCriterionArgs(
        field="severity",
        greater_than_or_equal="4",
    ),
]

# action="ARCHIVE" makes this a suppression rule: findings that match the
# criteria are archived rather than left among the active findings, so keep the
# criteria narrow. The values here are sample values.
# aws_guardduty_detector is not defined in this listing; presumably it stands
# for a detector declared elsewhere in the program.
my_filter = aws.guardduty.Filter(
    "myFilter",
    action="ARCHIVE",
    detector_id=aws_guardduty_detector["example"]["id"],
    rank=1,
    finding_criteria=aws.guardduty.FilterFindingCriteriaArgs(criterions=criteria),
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Arguments for the GuardDuty filter.
//
// action "ARCHIVE" makes this a suppression rule: findings that match the
// criteria are archived rather than left among the active findings, so keep the
// criteria narrow. The values here are sample values.
const filterArgs: aws.guardduty.FilterArgs = {
    action: "ARCHIVE",
    // aws_guardduty_detector is not declared in this listing; presumably it
    // stands for a detector defined elsewhere in the program.
    detectorId: aws_guardduty_detector.example.id,
    rank: 1,
    findingCriteria: {
        criterions: [
            // The finding's region is eu-west-1.
            { field: "region", equals: ["eu-west-1"] },
            // The threat list name is neither of the two listed.
            {
                field: "service.additionalInfo.threatListName",
                notEquals: ["some-threat", "another-threat"],
            },
            // updatedAt lies strictly between the two RFC 3339 dates.
            {
                field: "updatedAt",
                greaterThan: "2020-01-01T00:00:00Z",
                lessThan: "2020-02-01T00:00:00Z",
            },
            // Severity of 4 or more. GuardDuty's Medium range starts at 4, so
            // this filter archives Medium and higher findings.
            { field: "severity", greaterThanOrEqual: "4" },
        ],
    },
};

const myFilter = new aws.guardduty.Filter("myFilter", filterArgs);

Create a Filter Resource

new Filter(name: string, args: FilterArgs, opts?: CustomResourceOptions);
@overload
def Filter(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           action: Optional[str] = None,
           description: Optional[str] = None,
           detector_id: Optional[str] = None,
           finding_criteria: Optional[FilterFindingCriteriaArgs] = None,
           name: Optional[str] = None,
           rank: Optional[int] = None,
           tags: Optional[Mapping[str, str]] = None)
@overload
def Filter(resource_name: str,
           args: FilterArgs,
           opts: Optional[ResourceOptions] = None)
func NewFilter(ctx *Context, name string, args FilterArgs, opts ...ResourceOption) (*Filter, error)
public Filter(string name, FilterArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args FilterArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FilterArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FilterArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FilterArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Filter Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Filter resource accepts the following input properties:

Action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
DetectorId string
ID of a GuardDuty detector, attached to your account.
FindingCriteria FilterFindingCriteriaArgs
Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Description string
Description of the filter.
Name string
The name of your filter.
Tags Dictionary<string, string>
The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
DetectorId string
ID of a GuardDuty detector, attached to your account.
FindingCriteria FilterFindingCriteriaArgs
Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Description string
Description of the filter.
Name string
The name of your filter.
Tags map[string]string
The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
detectorId string
ID of a GuardDuty detector, attached to your account.
findingCriteria FilterFindingCriteriaArgs
Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
rank number
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
description string
Description of the filter.
name string
The name of your filter.
tags {[key: string]: string}
The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
action str
Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
detector_id str
ID of a GuardDuty detector, attached to your account.
finding_criteria FilterFindingCriteriaArgs
Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
description str
Description of the filter.
name str
The name of your filter.
tags Mapping[str, str]
The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Filter resource produces the following output properties:

Arn string
The ARN of the GuardDuty filter.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider.
Arn string
The ARN of the GuardDuty filter.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider.
arn string
The ARN of the GuardDuty filter.
id string
The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider.
arn str
The ARN of the GuardDuty filter.
id str
The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider.

Look up an Existing Filter Resource

Get an existing Filter resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FilterState, opts?: CustomResourceOptions): Filter
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        detector_id: Optional[str] = None,
        finding_criteria: Optional[FilterFindingCriteriaArgs] = None,
        name: Optional[str] = None,
        rank: Optional[int] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> Filter
func GetFilter(ctx *Context, name string, id IDInput, state *FilterState, opts ...ResourceOption) (*Filter, error)
public static Filter Get(string name, Input<string> id, FilterState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
Arn string
The ARN of the GuardDuty filter.
Description string
Description of the filter.
DetectorId string
ID of a GuardDuty detector, attached to your account.
FindingCriteria FilterFindingCriteriaArgs
Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
Name string
The name of your filter.
Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Tags Dictionary<string, string>
The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider.
Action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
Arn string
The ARN of the GuardDuty filter.
Description string
Description of the filter.
DetectorId string
ID of a GuardDuty detector, attached to your account.
FindingCriteria FilterFindingCriteriaArgs
Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
Name string
The name of your filter.
Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Tags map[string]string
The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider.
action string
Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
arn string
The ARN of the GuardDuty filter.
description string
Description of the filter.
detectorId string
ID of a GuardDuty detector, attached to your account.
findingCriteria FilterFindingCriteriaArgs
Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
name string
The name of your filter.
rank number
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
tags {[key: string]: string}
The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider.
action str
Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.
arn str
The ARN of the GuardDuty filter.
description str
Description of the filter.
detector_id str
ID of a GuardDuty detector, attached to your account.
finding_criteria FilterFindingCriteriaArgs
Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below.
name str
The name of your filter.
rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
tags Mapping[str, str]
The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider.

Supporting Types

FilterFindingCriteria

FilterFindingCriteriaCriterion

Field string
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
Equals List<string>
List of string values to be evaluated.
GreaterThan string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
GreaterThanOrEqual string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
LessThan string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
LessThanOrEqual string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
NotEquals List<string>
List of string values to be evaluated.
Field string
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
Equals []string
List of string values to be evaluated.
GreaterThan string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
GreaterThanOrEqual string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
LessThan string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
LessThanOrEqual string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
NotEquals []string
List of string values to be evaluated.
field string
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
equals string[]
List of string values to be evaluated.
greaterThan string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
greaterThanOrEqual string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
lessThan string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
lessThanOrEqual string
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
notEquals string[]
List of string values to be evaluated.
field str
The name of the field to be evaluated. The full list of field names can be found in AWS documentation.
equals Sequence[str]
List of string values to be evaluated.
greater_than str
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
greater_than_or_equal str
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
less_than str
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
less_than_or_equal str
A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.
not_equals Sequence[str]
List of string values to be evaluated.

Import

GuardDuty filters can be imported using the detector ID and filter’s name separated by a colon, e.g.,

 $ pulumi import aws:guardduty/filter:Filter MyFilter 00b00fd5aecc0ab60a708659477e9617:MyFilter

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.