
Resource: awsGuarddutyThreatintelset

Provides a resource to manage a GuardDuty ThreatIntelSet.

Note: Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the GuardDuty API Documentation.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsGuarddutyDetectorPrimary = new aws.guarddutyDetector.GuarddutyDetector(
  this,
  "primary",
  {
    enable: true,
  }
);
const awsS3BucketBucket = new aws.s3Bucket.S3Bucket(this, "bucket", {});
new aws.s3BucketAcl.S3BucketAcl(this, "bucket_acl", {
  acl: "private",
  bucket: awsS3BucketBucket.id,
});
const awsS3ObjectMyThreatIntelSet = new aws.s3Object.S3Object(
  this,
  "MyThreatIntelSet",
  {
    // "public-read" grants read access to everyone, so the list contents are world-readable.
    acl: "public-read",
    bucket: awsS3BucketBucket.id,
    content: "10.0.0.0/8\n",
    key: "MyThreatIntelSet",
  }
);
const awsGuarddutyThreatintelsetMyThreatIntelSet =
  new aws.guarddutyThreatintelset.GuarddutyThreatintelset(
    this,
    "MyThreatIntelSet_4",
    {
      activate: true,
      detectorId: awsGuarddutyDetectorPrimary.id,
      format: "TXT",
      // Interpolate the bucket and key directly; an escaped \${ would emit a literal "${" into the URL.
      location: `https://s3.amazonaws.com/${awsS3ObjectMyThreatIntelSet.bucket}/${awsS3ObjectMyThreatIntelSet.key}`,
      name: "MyThreatIntelSet",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsGuarddutyThreatintelsetMyThreatIntelSet.overrideLogicalId(
  "MyThreatIntelSet"
);

Argument Reference

The following arguments are supported:

  • activate - (Required) Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.
  • detectorId - (Required) The ID of the GuardDuty detector.
  • format - (Required) The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE
  • location - (Required) The URI of the file that contains the ThreatIntelSet.
  • name - (Required) The friendly name to identify the ThreatIntelSet.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.
  • id - The ID of the GuardDuty ThreatIntelSet and the detector ID. Format: <detectorId>:<threatIntelSetId>
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
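
The following is an added example, not part of the provider documentation or generated bindings: a pre-apply check over already-resolved values for the arguments listed above, plus a parser for the exported id. The names parseThreatIntelSetId, checkThreatIntelSet and ThreatIntelSetArgs are hypothetical, and the set of accepted URI schemes is an assumption of this example.

```typescript
// Added example: pre-apply checks for the arguments documented on this page.
// Function and type names are hypothetical, not part of the AWS provider.
const VALID_FORMATS: string[] = [
  "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE",
];

interface ThreatIntelSetArgs {
  activate: boolean;
  detectorId: string;
  format: string;
  location: string;
  name: string;
}

// Split the exported id, documented as <detectorId>:<threatIntelSetId>.
function parseThreatIntelSetId(id: string): { detectorId: string; threatIntelSetId: string } {
  const i = id.indexOf(":");
  if (i <= 0 || i === id.length - 1 || id.indexOf(":", i + 1) !== -1) {
    throw new Error(`expected <detectorId>:<threatIntelSetId>, got "${id}"`);
  }
  return { detectorId: id.slice(0, i), threatIntelSetId: id.slice(i + 1) };
}

// Return human-readable findings; an empty array means nothing was flagged.
// objectAcl is the canned ACL of the S3 object holding the list, if known.
function checkThreatIntelSet(args: ThreatIntelSetArgs, objectAcl?: string): string[] {
  const findings: string[] = [];
  if (args.detectorId.trim() === "") findings.push("detectorId is empty");
  if (args.name.trim() === "") findings.push("name is empty");
  if (VALID_FORMATS.indexOf(args.format) === -1) {
    const hint = VALID_FORMATS.indexOf(args.format.toUpperCase()) !== -1
      ? ` (did you mean "${args.format.toUpperCase()}"?)` : "";
    findings.push(`format "${args.format}" is not a valid value${hint}`);
  }
  // A "${" left in a resolved location means an interpolation was never rendered.
  // Assumption of this example: the location uses an http(s):// or s3:// scheme.
  if (args.location.indexOf("${") !== -1) {
    findings.push("location contains an unrendered ${...} placeholder");
  } else if (!/^(https?|s3):\/\/[^\/\s]+\/\S+$/.test(args.location)) {
    findings.push("location is not an http(s):// or s3:// URI with a path");
  }
  if (objectAcl === "public-read" || objectAcl === "public-read-write") {
    findings.push(`object ACL "${objectAcl}" makes the threat list world-readable`);
  }
  if (!args.activate) findings.push("activate is false: GuardDuty will not use this list");
  return findings;
}
```
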

Import

GuardDuty ThreatIntelSet can be imported using the primary GuardDuty detector ID and ThreatIntelSetID, e.g.,

$ terraform import aws_guardduty_threatintelset.MyThreatIntelSet 00b00fd5aecc0ab60a708659477e9617:123456789012