detector

State module for managing Amazon GuardDuty Detector.

async idem_aws.states.aws.guardduty.detector.present(hub, ctx, name: str, enable: bool = True, resource_id: str = None, client_token: str = None, finding_publishing_frequency: str = None, data_sources: ~types.Describes which data sources will be enabled for the detector.DataSourceConfiguration = None, tags: ~typing.Dict[str, str] = None) → Dict[str, Any]

Creates an Amazon GuardDuty detector.

A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.

Parameters:

• name (str) – An Idem name of the resource.

• resource_id (str, Optional) – The ID of the detector in Amazon Web Services.

• enable (bool, Optional) – A Boolean value that specifies whether the detector is to be enabled. Default value is True.

• client_token (str, Optional) – The idempotency token for the create request. This field is auto_populated if not provided.

• finding_publishing_frequency (str, Optional) – A value that specifies how frequently updated findings are exported. Valid values are FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS.

• data_sources (dict, Optional) –

  Describes which data sources will be enabled for the detector.

  • S3Logs (dict, Optional):

    Describes whether S3 data event logs are enabled as a data source.

    • Enable (bool): The status of S3 data event logs as a data source.

  • Kubernetes (dict, Optional):

    Describes whether any Kubernetes logs are enabled as data sources.

    • AuditLogs (dict):

      The status of Kubernetes audit logs as a data source.

      • Enable (bool):

        The status of Kubernetes audit logs as a data source.

  • MalwareProtection (dict, Optional):

    Describes whether Malware Protection is enabled as a data source.

    • ScanEc2InstanceWithFindings (dict, Optional):

      Describes the configuration of Malware Protection for EC2 instances with findings.

      EbsVolumes (bool, Optional):

      Describes the configuration for scanning EBS volumes as data source.

• tags (dict, Optional) – Dict in the format of {tag-key: tag-value} to associate with the detector.

Request Syntax:

[idem_test_aws_guardduty_detector]:
  aws.guaardduty.detector.present:
    - name: 'string'
    - enable: True|False
    - client_token: 'string'
    - finding_publishing_frequency: 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS'
    - data_sources:
        S3Logs:
          Enable: True|False
        Kubernetes:
          AuditLogs:
            Enable: True|False
        MalwareProtection:
          ScanEc2InstanceWithFindings:
            EbsVolumes: True|False
    - tags:
        'string': 'string'

Returns:

Dict[str, Any]

Examples

idem_test_aws_guardduty_detector:
  aws.guardduty.detector.present:
    - name: idem_test_guardduty_detector
    - enable: True
    - finding_publishing_frequency: 'ONE_HOUR'
    - data_sources:
        S3Logs:
          Enable: true
    - tags:
        provider: idem

async idem_aws.states.aws.guardduty.detector.absent(hub, ctx, name: str, resource_id: str = None) → Dict[str, Any]

Deletes an Amazon GuardDuty detector.

Parameters:

• name (str) – An Idem name of the resource.

• resource_id (str, Optional) – The ID of the detector in Amazon Web Services.

Request syntax:

[idem_test_aws_guardduty_detector]:
  aws.guardduty.detector.absent:
    - name: 'string'
    - resource_id: 'string'

Returns:

Dict[str, Any]

Examples

idem_test_aws_guardduty_detector:
  aws.guardduty.detector.absent:
    - name: idem_test_guardduty_detector
    - resource_id: cebf7ced6562d943d61f76a915e32563

async idem_aws.states.aws.guardduty.detector.describe(hub, ctx) → Dict[str, Dict[str, Any]]

Describes AWS GuardDuty detectors in a way that can be recreated/managed with the corresponding “present” function.

Returns:

Dict[str, Dict[str, Any]]

Examples

$ idem describe aws.guardduty.detector