import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
import * as enums from "../types/enums";
/**
* The ``AWS::SecurityHub::AutomationRule`` resource specifies an automation rule based on input parameters. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*.
*
* ## Example Usage
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
* ruleName: "Example rule name",
* ruleOrder: 5,
* description: "Example rule description.",
* isTerminal: false,
* ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
* criteria: {
* productName: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "GuardDuty",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "SecurityHub",
* },
* ],
* companyName: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "AWS",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "Private",
* },
* ],
* productArn: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
* },
* ],
* awsAccountId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "123456789012",
* }],
* id: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "example-finding-id",
* }],
* generatorId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "example-generator-id",
* }],
* type: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "type-1",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "type-2",
* },
* ],
* description: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "description1",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "description2",
* },
* ],
* sourceUrl: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "https",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "ftp",
* },
* ],
* title: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "title-1",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "title-2",
* },
* ],
* severityLabel: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "LOW",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "HIGH",
* },
* ],
* resourceType: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "AwsEc2Instance",
* }],
* resourcePartition: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "aws",
* }],
* resourceId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "i-1234567890",
* }],
* resourceRegion: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "us-west",
* }],
* complianceStatus: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "FAILED",
* }],
* complianceSecurityControlId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "EC2.3",
* }],
* complianceAssociatedStandardsId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
* }],
* verificationState: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "BENIGN_POSITIVE",
* }],
* recordState: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "ACTIVE",
* }],
* relatedFindingsProductArn: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
* }],
* relatedFindingsId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "example-finding-id-2",
* }],
* noteText: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "example-note-text",
* }],
* noteUpdatedAt: [{
* dateRange: {
* unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
* value: 5,
* },
* }],
* noteUpdatedBy: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "sechub",
* }],
* workflowStatus: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "NEW",
* }],
* firstObservedAt: [{
* dateRange: {
* unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
* value: 5,
* },
* }],
* lastObservedAt: [{
* dateRange: {
* unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
* value: 5,
* },
* }],
* createdAt: [{
* dateRange: {
* unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
* value: 5,
* },
* }],
* updatedAt: [{
* start: "2023-04-25T17:05:54.832Z",
* end: "2023-05-25T17:05:54.832Z",
* }],
* resourceTags: [
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
* key: "department",
* value: "security",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
* key: "department",
* value: "operations",
* },
* ],
* userDefinedFields: [
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
* key: "key1",
* value: "security",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
* key: "key2",
* value: "operations",
* },
* ],
* resourceDetailsOther: [
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
* key: "area",
* value: "na",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
* key: "department",
* value: "sales",
* },
* ],
* confidence: [{
* gte: 50,
* lte: 95,
* }],
* criticality: [{
* gte: 50,
* lte: 95,
* }],
* },
* actions: [{
* type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
* findingFieldsUpdate: {
* severity: {
* product: 50,
* label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
* normalized: 60,
* },
* types: [
* "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
* "Industry Compliance",
* ],
* confidence: 98,
* criticality: 95,
* userDefinedFields: {
* key1: "value1",
* key2: "value2",
* },
* relatedFindings: [
* {
* productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
* id: "sample-finding-id-1",
* },
* {
* productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
* id: "sample-finding-id-2",
* },
* ],
* note: {
* text: "sample-note-text",
* updatedBy: "sechub",
* },
* verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
* workflow: {
* status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
* },
* },
* }],
* tags: {
* sampleTag: "sampleValue",
* organizationUnit: "pnw",
* },
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
* ruleName: "Example rule name",
* ruleOrder: 5,
* description: "Example rule description.",
* isTerminal: false,
* ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
* criteria: {
* productName: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "GuardDuty",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "SecurityHub",
* },
* ],
* companyName: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "AWS",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "Private",
* },
* ],
* productArn: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
* },
* ],
* awsAccountId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "123456789012",
* }],
* id: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "example-finding-id",
* }],
* generatorId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "example-generator-id",
* }],
* type: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "type-1",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "type-2",
* },
* ],
* description: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "description1",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "description2",
* },
* ],
* sourceUrl: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "https",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "ftp",
* },
* ],
* title: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "title-1",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "title-2",
* },
* ],
* severityLabel: [
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "LOW",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "HIGH",
* },
* ],
* resourceType: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "AwsEc2Instance",
* }],
* resourcePartition: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "aws",
* }],
* resourceId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "i-1234567890",
* }],
* resourceRegion: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "us-west",
* }],
* complianceStatus: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "FAILED",
* }],
* complianceSecurityControlId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "EC2.3",
* }],
* complianceAssociatedStandardsId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
* }],
* verificationState: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "BENIGN_POSITIVE",
* }],
* recordState: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "ACTIVE",
* }],
* relatedFindingsProductArn: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
* }],
* relatedFindingsId: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "example-finding-id-2",
* }],
* noteText: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "example-note-text",
* }],
* noteUpdatedAt: [{
* dateRange: {
* unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
* value: 5,
* },
* }],
* noteUpdatedBy: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
* value: "sechub",
* }],
* workflowStatus: [{
* comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
* value: "NEW",
* }],
* firstObservedAt: [{
* dateRange: {
* unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
* value: 5,
* },
* }],
* lastObservedAt: [{
* dateRange: {
* unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
* value: 5,
* },
* }],
* createdAt: [{
* dateRange: {
* unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
* value: 5,
* },
* }],
* updatedAt: [{
* start: "2023-04-25T17:05:54.832Z",
* end: "2023-05-25T17:05:54.832Z",
* }],
* resourceTags: [
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
* key: "department",
* value: "security",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
* key: "department",
* value: "operations",
* },
* ],
* userDefinedFields: [
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
* key: "key1",
* value: "security",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
* key: "key2",
* value: "operations",
* },
* ],
* resourceDetailsOther: [
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
* key: "area",
* value: "na",
* },
* {
* comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
* key: "department",
* value: "sales",
* },
* ],
* confidence: [{
* gte: 50,
* lte: 95,
* }],
* criticality: [{
* gte: 50,
* lte: 95,
* }],
* },
* actions: [{
* type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
* findingFieldsUpdate: {
* severity: {
* product: 50,
* label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
* normalized: 60,
* },
* types: [
* "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
* "Industry Compliance",
* ],
* confidence: 98,
* criticality: 95,
* userDefinedFields: {
* key1: "value1",
* key2: "value2",
* },
* relatedFindings: [
* {
* productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
* id: "sample-finding-id-1",
* },
* {
* productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
* id: "sample-finding-id-2",
* },
* ],
* note: {
* text: "sample-note-text",
* updatedBy: "sechub",
* },
* verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
* workflow: {
* status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
* },
* },
* }],
* tags: {
* sampleTag: "sampleValue",
* organizationUnit: "pnw",
* },
* });
*
* ```
*/
export declare class AutomationRule extends pulumi.CustomResource {
    /**
     * Get an existing AutomationRule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): AutomationRule;
    /**
     * Returns true if the given object is an instance of AutomationRule. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * `obj` is deliberately typed `any`: this is a runtime type predicate over an arbitrary value, and a
     * `true` result narrows `obj` to `AutomationRule` for the caller. It is not a compile-time guarantee.
     */
    static isInstance(obj: any): obj is AutomationRule;
    /**
     * One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria``.
     *
     * As the example above shows, an action can rewrite a matched finding's severity, verification state,
     * workflow status, note and user-defined fields. Changes to this property therefore change what analysts
     * see for every finding the rule matches; treat edits to it with the same review as any other change to
     * the detection pipeline.
     */
    readonly actions: pulumi.Output<outputs.securityhub.AutomationRulesAction[]>;
    /**
     * A timestamp that indicates when the rule was created.
     *
     * Uses the `date-time` format specified in [RFC 3339 section 5.6, Internet Date/Time Format](https://tools.ietf.org/html/rfc3339#section-5.6) . The value cannot contain spaces. For example, `2020-03-22T13:22:13.933Z` .
     *
     * Output only: set by the service; there is no corresponding field in `AutomationRuleArgs`.
     */
    readonly createdAt: pulumi.Output<string>;
    /**
     * The principal that created the rule. For example, `arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe` .
     *
     * Output only: recorded by the service at creation; there is no corresponding field in `AutomationRuleArgs`.
     * Useful for attributing rule changes during an audit.
     */
    readonly createdBy: pulumi.Output<string>;
    /**
     * A set of [Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
     *
     * NOTE(review): how an omitted filter field is treated (match-any vs. no match) is not stated here —
     * confirm in the Security Hub documentation before relying on broad criteria, since every matched
     * finding receives the rule's actions.
     */
    readonly criteria: pulumi.Output<outputs.securityhub.AutomationRulesFindingFilters>;
    /**
     * A description of the rule. Required at construction (see `AutomationRuleArgs.description`).
     */
    readonly description: pulumi.Output<string>;
    /**
     * Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
     *
     * `undefined` when the argument was omitted at construction. Because rules with lower `ruleOrder`
     * values are applied first, a terminal rule with a low order prevents later rules from ever acting
     * on the findings it matches.
     */
    readonly isTerminal: pulumi.Output<boolean | undefined>;
    /**
     * The Amazon Resource Name (ARN) of the automation rule that you create. For example, `arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111` .
     *
     * Output only: assigned by the service; there is no corresponding field in `AutomationRuleArgs`.
     */
    readonly ruleArn: pulumi.Output<string>;
    /**
     * The name of the rule.
     *
     * Always a string here although `ruleName` is optional in `AutomationRuleArgs`; presumably the
     * provider generates a name when none is supplied — confirm against the provider's autonaming rules.
     */
    readonly ruleName: pulumi.Output<string>;
    /**
     * An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
     *
     * The 1–1000 range is documentation only: the TypeScript type is `number` and does not enforce it,
     * so an out-of-range or non-integer value is presumably rejected by the service at deploy time.
     */
    readonly ruleOrder: pulumi.Output<number>;
    /**
     * Whether the rule is active after it is created. If this parameter is equal to ``ENABLED``, Security Hub applies the rule to findings and finding updates after the rule is created.
     *
     * `undefined` when the argument was omitted at construction. NOTE(review): the service-side default
     * for an omitted status is not stated here — confirm it before assuming a rule without an explicit
     * status is inactive.
     */
    readonly ruleStatus: pulumi.Output<enums.securityhub.AutomationRuleRuleStatus | undefined>;
    /**
     * User-defined tags associated with an automation rule.
     *
     * A map of tag keys to tag values; `undefined` when no tags were supplied at construction.
     */
    readonly tags: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    /**
     * A timestamp that indicates when the rule was most recently updated.
     *
     * Uses the `date-time` format specified in [RFC 3339 section 5.6, Internet Date/Time Format](https://tools.ietf.org/html/rfc3339#section-5.6) . The value cannot contain spaces. For example, `2020-03-22T13:22:13.933Z` .
     *
     * Output only: maintained by the service; there is no corresponding field in `AutomationRuleArgs`.
     */
    readonly updatedAt: pulumi.Output<string>;
    /**
     * Create an AutomationRule resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AutomationRuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* The set of arguments for constructing an AutomationRule resource.
*/
export interface AutomationRuleArgs {
    /**
     * One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria``.
     *
     * Required. Each action can rewrite fields of every matched finding (severity, verification state,
     * workflow status, note, user-defined fields — see the example on the class), so review changes here
     * as you would any change to the detection pipeline.
     */
    actions: pulumi.Input<pulumi.Input<inputs.securityhub.AutomationRulesActionArgs>[]>;
    /**
     * A set of [Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
     *
     * Required. NOTE(review): how an omitted filter field is treated (match-any vs. no match) is not
     * stated here — confirm before relying on broad criteria.
     */
    criteria: pulumi.Input<inputs.securityhub.AutomationRulesFindingFiltersArgs>;
    /**
     * A description of the rule. Required.
     */
    description: pulumi.Input<string>;
    /**
     * Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
     *
     * Optional. Because lower `ruleOrder` values are applied first, a terminal rule with a low order
     * prevents later rules from acting on the findings it matches.
     */
    isTerminal?: pulumi.Input<boolean>;
    /**
     * The name of the rule.
     *
     * Optional here, while the resource's `ruleName` output is always a string; presumably the provider
     * generates a name when none is supplied — confirm against the provider's autonaming rules.
     */
    ruleName?: pulumi.Input<string>;
    /**
     * An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
     *
     * Required. The 1–1000 range is not enforced by the `number` type; an out-of-range or non-integer
     * value is presumably rejected by the service at deploy time.
     */
    ruleOrder: pulumi.Input<number>;
    /**
     * Whether the rule is active after it is created. If this parameter is equal to ``ENABLED``, Security Hub applies the rule to findings and finding updates after the rule is created.
     *
     * Optional. NOTE(review): the service-side default for an omitted status is not stated here —
     * set it explicitly if the rule must be inactive until reviewed.
     */
    ruleStatus?: pulumi.Input<enums.securityhub.AutomationRuleRuleStatus>;
    /**
     * User-defined tags associated with an automation rule.
     *
     * Optional. A map of tag keys to tag values; each value may itself be a Pulumi `Input`.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
}