Resource: awsGuarddutyIpset
Provides a resource to manage a GuardDuty IPSet.
Note: Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation.
Example Usage
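/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";

// The stack class name is illustrative; the resources are the documented example.
class GuarddutyIpsetStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    // Detector that will consume the IPSet.
    const awsGuarddutyDetectorPrimary =
      new aws.guarddutyDetector.GuarddutyDetector(this, "primary", {
        enable: true,
      });
    // Private bucket that holds the IPSet file.
    const awsS3BucketBucket = new aws.s3Bucket.S3Bucket(this, "bucket", {});
    new aws.s3BucketAcl.S3BucketAcl(this, "bucket_acl", {
      acl: "private",
      bucket: awsS3BucketBucket.id,
    });
    // TXT format: the file body is the list of addresses or CIDR ranges.
    const awsS3ObjectMyIpSet = new aws.s3Object.S3Object(this, "MyIPSet", {
      bucket: awsS3BucketBucket.id,
      content: "10.0.0.0/8\n",
      key: "MyIPSet",
    });
    new aws.guarddutyIpset.GuarddutyIpset(this, "example", {
      activate: true,
      detectorId: awsGuarddutyDetectorPrimary.id,
      format: "TXT",
      // Interpolate the bucket and key directly; escaping "${" would emit it literally.
      location: `https://s3.amazonaws.com/${awsS3ObjectMyIpSet.bucket}/${awsS3ObjectMyIpSet.key}`,
      name: "MyIPSet",
    });
  }
}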
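GuardDuty uses an IPSet as a trusted IP list, so a malformed or overly broad entry in the uploaded file changes what is treated as trusted. The following is an added example, not part of the provider documentation: a hypothetical `lintIpSetTxt` helper that checks TXT-format content, such as the `content` string of the S3 object, before it is uploaded. The IPv4-only parsing, the one-entry-per-line layout and the /16 floor (`MIN_PREFIX`) are assumptions of this example.

```typescript
// Added example: lint TXT-format IPSet content before it is uploaded to S3.
// Assumptions of this example: IPv4 only, one entry per line, nothing broader than /16.
const MIN_PREFIX = 16;

interface IpSetIssue { line: number; entry: string; reason: string }

// Constructed sample input (documentation address ranges plus deliberate mistakes).
const SAMPLE_IPSET = "192.0.2.10\n198.51.100.0/24\n203.0.113.7/24\n10.0.0.0/8\n0.0.0.0/0\nexample.com\n";

// Returns the address as an unsigned 32-bit number, or null if it is not dotted-quad IPv4.
function parseIpv4(addr: string): number | null {
  const octets = addr.split(".");
  if (octets.length !== 4) return null;
  let value = 0;
  for (const octet of octets) {
    if (!/^(0|[1-9]\d{0,2})$/.test(octet)) return null; // rejects empty, signed, zero-padded
    const n = Number(octet);
    if (n > 255) return null;
    value = value * 256 + n;
  }
  return value;
}

// Returns the reason an entry is rejected, or null when it is acceptable.
function checkEntry(entry: string, minPrefix: number): string | null {
  const slash = entry.indexOf("/");
  const ip = parseIpv4(slash < 0 ? entry : entry.slice(0, slash));
  if (ip === null) return "not an IPv4 address or CIDR";
  if (slash < 0) return null; // single address
  const prefixText = entry.slice(slash + 1);
  if (!/^\d{1,2}$/.test(prefixText) || Number(prefixText) > 32) return "invalid prefix length";
  const prefix = Number(prefixText);
  if (ip % Math.pow(2, 32 - prefix) !== 0) return "host bits set below the prefix";
  if (prefix < minPrefix) return `broader than /${minPrefix}`;
  return null;
}

// Lints a whole file body and reports every rejected entry with its 1-based line number.
function lintIpSetTxt(content: string, minPrefix: number = MIN_PREFIX): IpSetIssue[] {
  const issues: IpSetIssue[] = [];
  content.split(/\r?\n/).forEach((raw, index) => {
    const entry = raw.trim();
    if (entry === "") return; // blank lines, including the trailing newline
    const reason = checkEntry(entry, minPrefix);
    if (reason !== null) issues.push({ line: index + 1, entry, reason });
  });
  return issues;
}
```

Run against the documented `"10.0.0.0/8\n"` content, the default floor reports one issue; passing `8` as the second argument accepts it.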
Argument Reference
The following arguments are supported:
activate - (Required) Specifies whether GuardDuty is to start using the uploaded IPSet.
detectorId - (Required) The detector ID of the GuardDuty.
format - (Required) The format of the file that contains the IPSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
location - (Required) The URI of the file that contains the IPSet.
name - (Required) The friendly name to identify the IPSet.
tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn - Amazon Resource Name (ARN) of the GuardDuty IPSet.
id - The ID of the GuardDuty IPSet.
tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
Import
GuardDuty IPSet can be imported using the primary GuardDuty detector ID and IPSet ID, e.g.,