awscc_guardduty_detector (Resource)

Resource Type definition for AWS::GuardDuty::Detector

[!WARNING] Deleting this resource is equivalent to "disabling" GuardDuty for an AWS region, which removes all existing findings. You can set the enable attribute to false to instead "suspend" monitoring and feedback reporting while keeping existing data. See the Suspending or Disabling Amazon GuardDuty documentation for more information.

Example Usage

The datasources block is deprecated since March 2023. Use the features block instead and map each datasources block to the corresponding features block.

resource "awscc_guardduty_detector" "example" {
  enable = true

  features = [
    {
      name   = "S3_DATA_EVENTS"
      status = "ENABLED"
    },
    {
      name   = "EBS_MALWARE_PROTECTION"
      status = "ENABLED"
    },
    {
      name   = "EKS_AUDIT_LOGS"
      status = "DISABLED"
    }
  ]

  tags = [{
    key   = "Modified By"
    value = "AWSCC"
  }]
}

Schema

Required

Optional

Read-Only

Nested Schema for data_sources

Optional:

Nested Schema for data_sources.kubernetes

Required:

Nested Schema for data_sources.kubernetes.audit_logs

Required:

Nested Schema for data_sources.malware_protection

Optional:

Nested Schema for data_sources.malware_protection.scan_ec_2_instance_with_findings

Optional:

Nested Schema for data_sources.s3_logs

Required:

Nested Schema for features

Required:

Optional:

Nested Schema for features.additional_configuration

Optional:

Nested Schema for tags

Required:

Import

Import is supported using the following syntax:

$ terraform import awscc_guardduty_detector.example <resource ID>