Resource: aws_guardduty_detector

Provides a resource to manage an Amazon GuardDuty detector.

Example Usage

resource "aws_guardduty_detector" "MyDetector" {
  enable = true

  datasources {
    s3_logs {
      enable = true
    }
    kubernetes {
      audit_logs {
        enable = false
      }
    }
    malware_protection {
      scan_ec2_instance_with_findings {
        ebs_volumes {
          enable = true
        }
      }
    }
  }
}

Argument Reference

This resource supports the following arguments:

Data Sources

The datasources block supports the following:

The datasources block is deprecated since March 2023. Use the features block instead and map each datasources block to the corresponding features block.
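As an added illustration (not from the provider documentation), the detector from the example above rewritten without the deprecated datasources block. It assumes the provider's aws_guardduty_detector_feature resource with its detector_id, name and status arguments, and maps each former datasources sub-block to the feature name it corresponds to; the output exposes the detector ID that the import step below needs.

```hcl
# Added example: the same detector, with each datasources sub-block mapped to a
# separate aws_guardduty_detector_feature resource (assumed provider resource).
resource "aws_guardduty_detector" "MyDetector" {
  enable = true
}

# datasources.s3_logs.enable = true  ->  S3_DATA_EVENTS
resource "aws_guardduty_detector_feature" "s3_logs" {
  detector_id = aws_guardduty_detector.MyDetector.id
  name        = "S3_DATA_EVENTS"
  status      = "ENABLED"
}

# datasources.kubernetes.audit_logs.enable = false  ->  EKS_AUDIT_LOGS
resource "aws_guardduty_detector_feature" "eks_audit_logs" {
  detector_id = aws_guardduty_detector.MyDetector.id
  name        = "EKS_AUDIT_LOGS"
  status      = "DISABLED"
}

# datasources.malware_protection.scan_ec2_instance_with_findings.ebs_volumes.enable = true
#   ->  EBS_MALWARE_PROTECTION
resource "aws_guardduty_detector_feature" "ebs_malware_protection" {
  detector_id = aws_guardduty_detector.MyDetector.id
  name        = "EBS_MALWARE_PROTECTION"
  status      = "ENABLED"
}

# Surface the detector ID so it can be cross-checked against
# `aws guardduty list-detectors` or used in an import block.
output "guardduty_detector_id" {
  value = aws_guardduty_detector.MyDetector.id
}
```

Keep only one of the two forms per detector: managing a data source through the datasources block and the same feature through aws_guardduty_detector_feature at once would leave two resources fighting over one setting.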

S3 Logs

The s3_logs block supports the following:

Kubernetes

The kubernetes block supports the following:

Kubernetes Audit Logs

The audit_logs block supports the following:

Malware Protection

The malware_protection block supports the following:

Scan EC2 instance with findings

The scan_ec2_instance_with_findings block supports the following:

EBS volumes

The ebs_volumes block supports the following:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import GuardDuty detectors using the detector ID. For example:

import {
  to = aws_guardduty_detector.MyDetector
  id = "00b00fd5aecc0ab60a708659477e9617"
}

Using terraform import, import GuardDuty detectors using the detector ID. For example:

% terraform import aws_guardduty_detector.MyDetector 00b00fd5aecc0ab60a708659477e9617

The ID of the detector can be retrieved via the AWS CLI using aws guardduty list-detectors.