Skip to main content
Version: v1.7

AWS GUARDDUTY

Description

Terraform module to provision AWS Guard Duty

Specification

Properties

NameDescriptionTypeRequiredDefault
cloudwatch_event_rule_pattern_detail_typeThe detail-type pattern used to match events that will be sent to SNS.\n\nFor more information, see:\nhttps://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsandEventPatterns.html\nhttps://docs.aws.amazon.com/eventbridge/latest/userguide/event-types.html\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html\nstringfalse
create_sns_topicFlag to indicate whether an SNS topic should be created for notifications.\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers.\nboolfalse
enable_cloudwatchFlag to indicate whether an CloudWatch logging should be enabled for GuardDuty\nboolfalse
finding_publishing_frequencyThe frequency of notifications sent for finding occurrences. If the detector is a GuardDuty member account, the value\nis determined by the GuardDuty master account and cannot be modified, otherwise it defaults to SIX_HOURS.\n\nFor standalone and GuardDuty master accounts, it must be configured in Terraform to enable drift detection.\nValid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS."\n\nFor more information, see:\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency\nstringfalse
findings_notification_arnThe ARN for an SNS topic to send findings notifications to. This is only used if create_sns_topic is false.\nIf you want to send findings to an existing SNS topic, set the value of this to the ARN of the existing topic and set\ncreate_sns_topic to false.\nstringfalse
subscribersA map of subscription configurations for SNS topics. Each subscriber should be an object with the following fields:
  • protocol: The protocol to use. Supported values: sqs, sms, lambda, application, http, https (http/https have partial support, email is not supported).
  • endpoint: The endpoint to send data to (format varies by protocol).
  • endpoint_auto_confirms: Whether the endpoint can auto-confirm subscriptions (default: false).
  • raw_message_delivery: Whether to enable raw message delivery (default: false).

Example:

{
"pagerduty": {
"protocol": "https",
"endpoint": "https://events.pagerduty.com/integration/...",
"endpoint_auto_confirms": true,
"raw_message_delivery": false
},
"lambda": {
"protocol": "lambda",
"endpoint": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
"endpoint_auto_confirms": true,
"raw_message_delivery": true
}
}

More details on SNS topic subscriptions | map<{ protocol: string, endpoint: string, endpoint_auto_confirms: boolean, raw_message_delivery: boolean }> | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false |

writeConnectionSecretToRef

NameDescriptionTypeRequiredDefault
nameThe secret name which the cloud resource connection will be written tostringtrue
namespaceThe secret namespace which the cloud resource connection will be written tostringfalse