UNPKG

@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi/pulumi-aws-native

650 lines • 26.6 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.AutomationRule = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * The ``AWS::SecurityHub::AutomationRule`` resource specifies an automation rule based on input parameters. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*. * * ## Example Usage * ### Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws_native from "@pulumi/aws-native"; * * const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", { * ruleName: "Example rule name", * ruleOrder: 5, * description: "Example rule description.", * isTerminal: false, * ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled, * criteria: { * productName: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "GuardDuty", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "SecurityHub", * }, * ], * companyName: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "AWS", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "Private", * }, * ], * productArn: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "arn:aws:securityhub:us-west-2:123456789012:product/aws", * }, * ], * awsAccountId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "123456789012", * }], * id: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "example-finding-id", * }], * generatorId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "example-generator-id", * }], * type: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "type-1", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "type-2", * }, * ], * description: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "description1", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "description2", * }, * ], * sourceUrl: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "https", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "ftp", * }, * ], * title: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "title-1", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "title-2", * }, * ], * severityLabel: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "LOW", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "HIGH", * }, * ], * resourceType: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "AwsEc2Instance", * }], * resourcePartition: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "aws", * }], * resourceId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "i-1234567890", * }], * resourceRegion: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "us-west", * }], * complianceStatus: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "FAILED", * }], * complianceSecurityControlId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "EC2.3", * }], * complianceAssociatedStandardsId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0", * }], * verificationState: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "BENIGN_POSITIVE", * }], * recordState: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "ACTIVE", * }], * relatedFindingsProductArn: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub", * }], * relatedFindingsId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "example-finding-id-2", * }], * noteText: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "example-note-text", * }], * noteUpdatedAt: [{ * dateRange: { * unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days, * value: 5, * }, * }], * noteUpdatedBy: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "sechub", * }], * workflowStatus: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "NEW", * }], * firstObservedAt: [{ * dateRange: { * unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days, * value: 5, * }, * }], * lastObservedAt: [{ * dateRange: { * unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days, * value: 5, * }, * }], * createdAt: [{ * dateRange: { * unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days, * value: 5, * }, * }], * updatedAt: [{ * start: "2023-04-25T17:05:54.832Z", * end: "2023-05-25T17:05:54.832Z", * }], * resourceTags: [ * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals, * key: "department", * value: "security", * }, * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals, * key: "department", * value: "operations", * }, * ], * userDefinedFields: [ * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals, * key: "key1", * value: "security", * }, * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals, * key: "key2", * value: "operations", * }, * ], * resourceDetailsOther: [ * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals, * key: "area", * value: "na", * }, * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals, * key: "department", * value: "sales", * }, * ], * confidence: [{ * gte: 50, * lte: 95, * }], * criticality: [{ * gte: 50, * lte: 95, * }], * }, * actions: [{ * type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate, * findingFieldsUpdate: { * severity: { * product: 50, * label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium, * normalized: 60, * }, * types: [ * "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices", * "Industry Compliance", * ], * confidence: 98, * criticality: 95, * userDefinedFields: { * key1: "value1", * key2: "value2", * }, * relatedFindings: [ * { * productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", * id: "sample-finding-id-1", * }, * { * productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", * id: "sample-finding-id-2", * }, * ], * note: { * text: "sample-note-text", * updatedBy: "sechub", * }, * verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive, * workflow: { * status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified, * }, * }, * }], * tags: { * sampleTag: "sampleValue", * organizationUnit: "pnw", * }, * }); * * ``` * ### Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws_native from "@pulumi/aws-native"; * * const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", { * ruleName: "Example rule name", * ruleOrder: 5, * description: "Example rule description.", * isTerminal: false, * ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled, * criteria: { * productName: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "GuardDuty", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "SecurityHub", * }, * ], * companyName: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "AWS", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "Private", * }, * ], * productArn: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "arn:aws:securityhub:us-west-2:123456789012:product/aws", * }, * ], * awsAccountId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "123456789012", * }], * id: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "example-finding-id", * }], * generatorId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "example-generator-id", * }], * type: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "type-1", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "type-2", * }, * ], * description: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "description1", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "description2", * }, * ], * sourceUrl: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "https", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "ftp", * }, * ], * title: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "title-1", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "title-2", * }, * ], * severityLabel: [ * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "LOW", * }, * { * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "HIGH", * }, * ], * resourceType: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "AwsEc2Instance", * }], * resourcePartition: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "aws", * }], * resourceId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "i-1234567890", * }], * resourceRegion: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "us-west", * }], * complianceStatus: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "FAILED", * }], * complianceSecurityControlId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "EC2.3", * }], * complianceAssociatedStandardsId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0", * }], * verificationState: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "BENIGN_POSITIVE", * }], * recordState: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "ACTIVE", * }], * relatedFindingsProductArn: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub", * }], * relatedFindingsId: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "example-finding-id-2", * }], * noteText: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "example-note-text", * }], * noteUpdatedAt: [{ * dateRange: { * unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days, * value: 5, * }, * }], * noteUpdatedBy: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix, * value: "sechub", * }], * workflowStatus: [{ * comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals, * value: "NEW", * }], * firstObservedAt: [{ * dateRange: { * unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days, * value: 5, * }, * }], * lastObservedAt: [{ * dateRange: { * unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days, * value: 5, * }, * }], * createdAt: [{ * dateRange: { * unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days, * value: 5, * }, * }], * updatedAt: [{ * start: "2023-04-25T17:05:54.832Z", * end: "2023-05-25T17:05:54.832Z", * }], * resourceTags: [ * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals, * key: "department", * value: "security", * }, * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals, * key: "department", * value: "operations", * }, * ], * userDefinedFields: [ * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals, * key: "key1", * value: "security", * }, * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals, * key: "key2", * value: "operations", * }, * ], * resourceDetailsOther: [ * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals, * key: "area", * value: "na", * }, * { * comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals, * key: "department", * value: "sales", * }, * ], * confidence: [{ * gte: 50, * lte: 95, * }], * criticality: [{ * gte: 50, * lte: 95, * }], * }, * actions: [{ * type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate, * findingFieldsUpdate: { * severity: { * product: 50, * label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium, * normalized: 60, * }, * types: [ * "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices", * "Industry Compliance", * ], * confidence: 98, * criticality: 95, * userDefinedFields: { * key1: "value1", * key2: "value2", * }, * relatedFindings: [ * { * productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", * id: "sample-finding-id-1", * }, * { * productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default", * id: "sample-finding-id-2", * }, * ], * note: { * text: "sample-note-text", * updatedBy: "sechub", * }, * verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive, * workflow: { * status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified, * }, * }, * }], * tags: { * sampleTag: "sampleValue", * organizationUnit: "pnw", * }, * }); * * ``` */ class AutomationRule extends pulumi.CustomResource { /** * Get an existing AutomationRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, opts) { return new AutomationRule(name, undefined, Object.assign(Object.assign({}, opts), { id: id })); } /** * Returns true if the given object is an instance of AutomationRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === AutomationRule.__pulumiType; } /** * Create a AutomationRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name, args, opts) { let resourceInputs = {}; opts = opts || {}; if (!opts.id) { if ((!args || args.actions === undefined) && !opts.urn) { throw new Error("Missing required property 'actions'"); } if ((!args || args.criteria === undefined) && !opts.urn) { throw new Error("Missing required property 'criteria'"); } if ((!args || args.description === undefined) && !opts.urn) { throw new Error("Missing required property 'description'"); } if ((!args || args.ruleOrder === undefined) && !opts.urn) { throw new Error("Missing required property 'ruleOrder'"); } resourceInputs["actions"] = args ? args.actions : undefined; resourceInputs["criteria"] = args ? args.criteria : undefined; resourceInputs["description"] = args ? args.description : undefined; resourceInputs["isTerminal"] = args ? args.isTerminal : undefined; resourceInputs["ruleName"] = args ? args.ruleName : undefined; resourceInputs["ruleOrder"] = args ? args.ruleOrder : undefined; resourceInputs["ruleStatus"] = args ? args.ruleStatus : undefined; resourceInputs["tags"] = args ? args.tags : undefined; resourceInputs["createdAt"] = undefined /*out*/; resourceInputs["createdBy"] = undefined /*out*/; resourceInputs["ruleArn"] = undefined /*out*/; resourceInputs["updatedAt"] = undefined /*out*/; } else { resourceInputs["actions"] = undefined /*out*/; resourceInputs["createdAt"] = undefined /*out*/; resourceInputs["createdBy"] = undefined /*out*/; resourceInputs["criteria"] = undefined /*out*/; resourceInputs["description"] = undefined /*out*/; resourceInputs["isTerminal"] = undefined /*out*/; resourceInputs["ruleArn"] = undefined /*out*/; resourceInputs["ruleName"] = undefined /*out*/; resourceInputs["ruleOrder"] = undefined /*out*/; resourceInputs["ruleStatus"] = undefined /*out*/; resourceInputs["tags"] = undefined /*out*/; resourceInputs["updatedAt"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(AutomationRule.__pulumiType, name, resourceInputs, opts); } } exports.AutomationRule = AutomationRule; /** @internal */ AutomationRule.__pulumiType = 'aws-native:securityhub:AutomationRule'; //# sourceMappingURL=automationRule.js.map