Welcome to Pulumi Registry, your window into the cloud. Read the announcement.

AWS Classic

v4.25.0 published on Friday, Oct 15, 2021 by Pulumi

ThreatIntelSet

Provides a resource to manage a GuardDuty ThreatIntelSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var primary = new Aws.GuardDuty.Detector("primary", new Aws.GuardDuty.DetectorArgs
        {
            Enable = true,
        });
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
        });
        var myThreatIntelSetBucketObject = new Aws.S3.BucketObject("myThreatIntelSetBucketObject", new Aws.S3.BucketObjectArgs
        {
            Acl = "public-read",
            Content = @"10.0.0.0/8
",
            Bucket = bucket.Id,
            Key = "MyThreatIntelSet",
        });
        var myThreatIntelSetThreatIntelSet = new Aws.GuardDuty.ThreatIntelSet("myThreatIntelSetThreatIntelSet", new Aws.GuardDuty.ThreatIntelSetArgs
        {
            Activate = true,
            DetectorId = primary.Id,
            Format = "TXT",
            Location = Output.Tuple(myThreatIntelSetBucketObject.Bucket, myThreatIntelSetBucketObject.Key).Apply(values =>
            {
                var bucket = values.Item1;
                var key = values.Item2;
                return $"https://s3.amazonaws.com/{bucket}/{key}";
            }),
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := guardduty.NewDetector(ctx, "primary", &guardduty.DetectorArgs{
			Enable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		bucket, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		myThreatIntelSetBucketObject, err := s3.NewBucketObject(ctx, "myThreatIntelSetBucketObject", &s3.BucketObjectArgs{
			Acl:     pulumi.String("public-read"),
			Content: pulumi.String("10.0.0.0/8\n"),
			Bucket:  bucket.ID(),
			Key:     pulumi.String("MyThreatIntelSet"),
		})
		if err != nil {
			return err
		}
		_, err = guardduty.NewThreatIntelSet(ctx, "myThreatIntelSetThreatIntelSet", &guardduty.ThreatIntelSetArgs{
			Activate:   pulumi.Bool(true),
			DetectorId: primary.ID(),
			Format:     pulumi.String("TXT"),
			Location: pulumi.All(myThreatIntelSetBucketObject.Bucket, myThreatIntelSetBucketObject.Key).ApplyT(func(_args []interface{}) (string, error) {
				bucket := _args[0].(string)
				key := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v", "https://s3.amazonaws.com/", bucket, "/", key), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

primary = aws.guardduty.Detector("primary", enable=True)
bucket = aws.s3.Bucket("bucket", acl="private")
my_threat_intel_set_bucket_object = aws.s3.BucketObject("myThreatIntelSetBucketObject",
    acl="public-read",
    content="10.0.0.0/8\n",
    bucket=bucket.id,
    key="MyThreatIntelSet")
my_threat_intel_set_threat_intel_set = aws.guardduty.ThreatIntelSet("myThreatIntelSetThreatIntelSet",
    activate=True,
    detector_id=primary.id,
    format="TXT",
    location=pulumi.Output.all(my_threat_intel_set_bucket_object.bucket, my_threat_intel_set_bucket_object.key).apply(lambda bucket, key: f"https://s3.amazonaws.com/{bucket}/{key}"))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const primary = new aws.guardduty.Detector("primary", {enable: true});
const bucket = new aws.s3.Bucket("bucket", {acl: "private"});
const myThreatIntelSetBucketObject = new aws.s3.BucketObject("myThreatIntelSetBucketObject", {
    acl: "public-read",
    content: "10.0.0.0/8\n",
    bucket: bucket.id,
    key: "MyThreatIntelSet",
});
const myThreatIntelSetThreatIntelSet = new aws.guardduty.ThreatIntelSet("myThreatIntelSetThreatIntelSet", {
    activate: true,
    detectorId: primary.id,
    format: "TXT",
    location: pulumi.interpolate`https://s3.amazonaws.com/${myThreatIntelSetBucketObject.bucket}/${myThreatIntelSetBucketObject.key}`,
});

Create a ThreatIntelSet Resource

new ThreatIntelSet(name: string, args: ThreatIntelSetArgs, opts?: CustomResourceOptions);
@overload
def ThreatIntelSet(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   activate: Optional[bool] = None,
                   detector_id: Optional[str] = None,
                   format: Optional[str] = None,
                   location: Optional[str] = None,
                   name: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None)
@overload
def ThreatIntelSet(resource_name: str,
                   args: ThreatIntelSetArgs,
                   opts: Optional[ResourceOptions] = None)
func NewThreatIntelSet(ctx *Context, name string, args ThreatIntelSetArgs, opts ...ResourceOption) (*ThreatIntelSet, error)
public ThreatIntelSet(string name, ThreatIntelSetArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ThreatIntelSetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ThreatIntelSetArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ThreatIntelSetArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ThreatIntelSetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ThreatIntelSet Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ThreatIntelSet resource accepts the following input properties:

Activate bool
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
DetectorId string
The detector ID of the GuardDuty.
Format string
The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
Location string
The URI of the file that contains the ThreatIntelSet.
Name string
The friendly name to identify the ThreatIntelSet.
Tags Dictionary<string, string>
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Activate bool
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
DetectorId string
The detector ID of the GuardDuty.
Format string
The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
Location string
The URI of the file that contains the ThreatIntelSet.
Name string
The friendly name to identify the ThreatIntelSet.
Tags map[string]string
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
activate boolean
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
detectorId string
The detector ID of the GuardDuty.
format string
The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
location string
The URI of the file that contains the ThreatIntelSet.
name string
The friendly name to identify the ThreatIntelSet.
tags {[key: string]: string}
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
activate bool
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
detector_id str
The detector ID of the GuardDuty.
format str
The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
location str
The URI of the file that contains the ThreatIntelSet.
name str
The friendly name to identify the ThreatIntelSet.
tags Mapping[str, str]
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the ThreatIntelSet resource produces the following output properties:

Arn string
Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
Arn string
Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
arn string
Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
id string
The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
arn str
Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
id str
The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .

Look up an Existing ThreatIntelSet Resource

Get an existing ThreatIntelSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ThreatIntelSetState, opts?: CustomResourceOptions): ThreatIntelSet
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        activate: Optional[bool] = None,
        arn: Optional[str] = None,
        detector_id: Optional[str] = None,
        format: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> ThreatIntelSet
func GetThreatIntelSet(ctx *Context, name string, id IDInput, state *ThreatIntelSetState, opts ...ResourceOption) (*ThreatIntelSet, error)
public static ThreatIntelSet Get(string name, Input<string> id, ThreatIntelSetState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Activate bool
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
Arn string
Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
DetectorId string
The detector ID of the GuardDuty.
Format string
The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
Location string
The URI of the file that contains the ThreatIntelSet.
Name string
The friendly name to identify the ThreatIntelSet.
Tags Dictionary<string, string>
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
Activate bool
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
Arn string
Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
DetectorId string
The detector ID of the GuardDuty.
Format string
The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
Location string
The URI of the file that contains the ThreatIntelSet.
Name string
The friendly name to identify the ThreatIntelSet.
Tags map[string]string
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
activate boolean
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
arn string
Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
detectorId string
The detector ID of the GuardDuty.
format string
The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
location string
The URI of the file that contains the ThreatIntelSet.
name string
The friendly name to identify the ThreatIntelSet.
tags {[key: string]: string}
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
activate bool
Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
arn str
Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
detector_id str
The detector ID of the GuardDuty.
format str
The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
location str
The URI of the file that contains the ThreatIntelSet.
name str
The friendly name to identify the ThreatIntelSet.
tags Mapping[str, str]
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .

Import

GuardDuty ThreatIntelSet can be imported using the the primary GuardDuty detector ID and ThreatIntelSetID, e.g.

 $ pulumi import aws:guardduty/threatIntelSet:ThreatIntelSet MyThreatIntelSet 00b00fd5aecc0ab60a708659477e9617:123456789012

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.