
tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.


docs/security/guardduty.md

GuardDuty - Threat Detection

Amazon GuardDuty is a threat detection service that continuously monitors AWS accounts and workloads for malicious activity and surfaces the results as findings.

Common Tasks

Enable GuardDuty with all data sources

import * as aws from "@pulumi/aws";

// One detector per account and region; the dataSources block turns on the
// optional log sources in addition to the default VPC Flow Logs, DNS logs and CloudTrail events.
const detector = new aws.guardduty.Detector("main", {
    enable: true,
    findingPublishingFrequency: "FIFTEEN_MINUTES",
    dataSources: {
        s3Logs: { enable: true },
        kubernetes: { auditLogs: { enable: true } },
        malwareProtection: {
            scanEc2InstanceWithFindings: {
                ebsVolumes: { enable: true },
            },
        },
    },
});

Configure basic threat detection

import * as aws from "@pulumi/aws";

// Default data sources only (VPC Flow Logs, DNS logs, CloudTrail), updated findings published hourly
const detector = new aws.guardduty.Detector("detector", {
    enable: true,
    findingPublishingFrequency: "ONE_HOUR",
});

Export findings to S3 bucket

import * as aws from "@pulumi/aws";

// Assumes `detector` is the aws.guardduty.Detector created above and `bucket` is an
// aws.s3 bucket whose bucket policy allows the GuardDuty service to write to it.
// `kmsKey` (assumed aws.kms.Key) is required: exported findings are encrypted with it,
// so its key policy must also grant GuardDuty use of the key.
const publishDestination = new aws.guardduty.PublishingDestination("findings", {
    detectorId: detector.id,
    destinationArn: bucket.arn,
    kmsKeyArn: kmsKey.arn,
    destinationType: "S3",
});

Core Resources

Detector

class Detector extends pulumi.CustomResource {
    constructor(name: string, args?: DetectorArgs, opts?: pulumi.CustomResourceOptions);

    readonly id: pulumi.Output<string>;
    readonly accountId: pulumi.Output<string>;
}

interface DetectorArgs {
    enable?: pulumi.Input<boolean>;
    findingPublishingFrequency?: pulumi.Input<"FIFTEEN_MINUTES" | "ONE_HOUR" | "SIX_HOURS">;
    dataSources?: pulumi.Input<DetectorDataSources>;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

interface DetectorDataSources {
    s3Logs?: pulumi.Input<{
        enable: pulumi.Input<boolean>;
    }>;
    kubernetes?: pulumi.Input<{
        auditLogs: pulumi.Input<{
            enable: pulumi.Input<boolean>;
        }>;
    }>;
    malwareProtection?: pulumi.Input<{
        scanEc2InstanceWithFindings: pulumi.Input<{
            ebsVolumes: pulumi.Input<{
                enable: pulumi.Input<boolean>;
            }>;
        }>;
    }>;
}

Example: Enable GuardDuty with comprehensive monitoring

import * as aws from "@pulumi/aws";

const detector = new aws.guardduty.Detector("main-detector", {
    enable: true,
    findingPublishingFrequency: "FIFTEEN_MINUTES",
    dataSources: {
        s3Logs: {
            enable: true,
        },
        kubernetes: {
            auditLogs: {
                enable: true,
            },
        },
        malwareProtection: {
            scanEc2InstanceWithFindings: {
                ebsVolumes: {
                    enable: true,
                },
            },
        },
    },
    tags: {
        Environment: "production",
        SecurityLevel: "high",
    },
});

export const detectorId = detector.id;
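The example below is added here and is not part of the Pulumi AWS package: a stand-alone check that audits a detector configuration against the "all data sources" setup on this page, so a weak detector (disabled source, slow publishing) is caught before `pulumi up`. It mirrors the `DetectorArgs` shape with plain values instead of `pulumi.Input` so it runs without the Pulumi runtime; `PlainDetectorArgs`, `auditDetectorArgs`, `basicDetector` and `fullDetector` are names introduced for this example.

```typescript
// Added example (not Pulumi AWS package code): audit a GuardDuty detector
// configuration. Mirrors this page's DetectorArgs with plain values instead
// of pulumi.Input so it runs without the Pulumi runtime (e.g. in a unit test).
type Frequency = "FIFTEEN_MINUTES" | "ONE_HOUR" | "SIX_HOURS";

interface PlainDetectorArgs {
    enable?: boolean;
    findingPublishingFrequency?: Frequency;
    dataSources?: {
        s3Logs?: { enable: boolean };
        kubernetes?: { auditLogs: { enable: boolean } };
        malwareProtection?: {
            scanEc2InstanceWithFindings: { ebsVolumes: { enable: boolean } };
        };
    };
}

// Returns one message per weak or missing setting; an empty array means the
// detector matches the "all data sources" configuration shown above.
function auditDetectorArgs(args: PlainDetectorArgs): string[] {
    const issues: string[] = [];
    if (args.enable !== true) issues.push("detector is not enabled");
    if (args.findingPublishingFrequency !== "FIFTEEN_MINUTES") {
        const f = args.findingPublishingFrequency ?? "unset";
        issues.push(`findingPublishingFrequency is ${f}, not FIFTEEN_MINUTES`);
    }
    const ds: NonNullable<PlainDetectorArgs["dataSources"]> = args.dataSources ?? {};
    if (!ds.s3Logs?.enable) issues.push("S3 data events are not monitored");
    if (!ds.kubernetes?.auditLogs.enable) issues.push("EKS audit logs are not monitored");
    if (!ds.malwareProtection?.scanEc2InstanceWithFindings.ebsVolumes.enable) {
        issues.push("EBS malware scanning is not enabled");
    }
    return issues;
}

// Constructed inputs: the "basic" and "all data sources" detectors from this page.
const basicDetector: PlainDetectorArgs = {
    enable: true,
    findingPublishingFrequency: "ONE_HOUR",
};
const fullDetector: PlainDetectorArgs = {
    enable: true,
    findingPublishingFrequency: "FIFTEEN_MINUTES",
    dataSources: {
        s3Logs: { enable: true },
        kubernetes: { auditLogs: { enable: true } },
        malwareProtection: { scanEc2InstanceWithFindings: { ebsVolumes: { enable: true } } },
    },
};
```

Running `auditDetectorArgs(basicDetector)` reports the hourly publishing frequency and the three missing data sources, while `fullDetector` returns no issues.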

For the complete GuardDuty API (13 resources), see All Services.

Related Services

  • CloudWatch - GuardDuty findings and events
  • SNS - Notifications for GuardDuty findings
  • Lambda - Automated response to threats
  • S3 - Store GuardDuty findings
  • Security Hub - Centralized security findings aggregation

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws@7.16.0
