Resource: aws_guardduty_filter

Provides a resource to manage a GuardDuty filter.

Example Usage

resource "aws_guardduty_filter" "MyFilter" {
  name        = "MyFilter"
  action      = "ARCHIVE"
  detector_id = aws_guardduty_detector.example.id
  rank        = 1

  finding_criteria {
    criterion {
      field  = "region"
      equals = ["eu-west-1"]
    }

    criterion {
      field      = "service.additionalInfo.threatListName"
      not_equals = ["some-threat", "another-threat"]
    }

    criterion {
      field        = "updatedAt"
      greater_than = "2020-01-01T00:00:00Z"
      less_than    = "2020-02-01T00:00:00Z"
    }

    criterion {
      field                 = "severity"
      greater_than_or_equal = "4"
    }
  }
}

Argument Reference

This resource supports the following arguments:

criterion

The criterion block suports the following:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import GuardDuty filters using the detector ID and filter's name separated by a colon. For example:

import {
  to = aws_guardduty_filter.MyFilter
  id = "00b00fd5aecc0ab60a708659477e9617:MyFilter"
}

Using terraform import, import GuardDuty filters using the detector ID and filter's name separated by a colon. For example:

% terraform import aws_guardduty_filter.MyFilter 00b00fd5aecc0ab60a708659477e9617:MyFilter