Resource Type definition for AWS::GuardDuty::Detector
[!WARNING] Deleting this resource is equivalent to "disabling" GuardDuty for an AWS region, which removes all existing findings. You can set the enable attribute to false to instead "suspend" monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.
The datasources block is deprecated since March 2023. Use the features block instead and map each datasources block to the corresponding features block.
resource "awscc_guardduty_detector" "example" {
enable = true
features = [
{
name = "S3_DATA_EVENTS"
status = "ENABLED"
},
{
name = "EBS_MALWARE_PROTECTION"
status = "ENABLED"
},
{
name = "EKS_AUDIT_LOGS"
status = "DISABLED"
}
]
tags = [{
key = "Modified By"
value = "AWSCC"
}]
}
enable
(Boolean)data_sources
(Attributes) (see below for nested schema)features
(Attributes List) (see below for nested schema)finding_publishing_frequency
(String)tags
(Attributes List) (see below for nested schema)detector_id
(String)id
(String) Uniquely identifies the resource.data_sources
Optional:
kubernetes
(Attributes) (see below for nested schema)malware_protection
(Attributes) (see below for nested schema)s3_logs
(Attributes) (see below for nested schema)data_sources.kubernetes
Required:
audit_logs
(Attributes) (see below for nested schema)data_sources.kubernetes.audit_logs
Required:
enable
(Boolean)data_sources.malware_protection
Optional:
scan_ec_2_instance_with_findings
(Attributes) (see below for nested schema)data_sources.malware_protection.scan_ec_2_instance_with_findings
Optional:
ebs_volumes
(Boolean)data_sources.s3_logs
Required:
enable
(Boolean)features
Required:
name
(String)status
(String)Optional:
additional_configuration
(Attributes List) (see below for nested schema)features.additional_configuration
Optional:
name
(String)status
(String)tags
Required:
key
(String)value
(String)Import is supported using the following syntax:
$ terraform import awscc_guardduty_detector.example <resource ID>