@pulumi/aws
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
// CommonJS interop: set the `__esModule` marker on the exports object.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export slot up front; the class is assigned to it after its definition.
exports.PublishingDestination = undefined;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Provides a resource to manage a GuardDuty PublishingDestination. Requires an existing GuardDuty Detector.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const current = aws.getCallerIdentity({});
* const currentGetRegion = aws.getRegion({});
* const gdBucket = new aws.s3.Bucket("gd_bucket", {
* bucket: "example",
* forceDestroy: true,
* });
* const bucketPol = aws.iam.getPolicyDocumentOutput({
* statements: [
* {
* sid: "Allow PutObject",
* actions: ["s3:PutObject"],
* resources: [pulumi.interpolate`${gdBucket.arn}/*`],
* principals: [{
* type: "Service",
* identifiers: ["guardduty.amazonaws.com"],
* }],
* },
* {
* sid: "Allow GetBucketLocation",
* actions: ["s3:GetBucketLocation"],
* resources: [gdBucket.arn],
* principals: [{
* type: "Service",
* identifiers: ["guardduty.amazonaws.com"],
* }],
* },
* ],
* });
* const kmsPol = Promise.all([currentGetRegion, current, currentGetRegion, current, current]).then(([currentGetRegion, current, currentGetRegion1, current1, current2]) => aws.iam.getPolicyDocument({
* statements: [
* {
* sid: "Allow GuardDuty to encrypt findings",
* actions: ["kms:GenerateDataKey"],
* resources: [`arn:aws:kms:${currentGetRegion.region}:${current.accountId}:key/*`],
* principals: [{
* type: "Service",
* identifiers: ["guardduty.amazonaws.com"],
* }],
* },
* {
* sid: "Allow all users to modify/delete key (test only)",
* actions: ["kms:*"],
* resources: [`arn:aws:kms:${currentGetRegion1.region}:${current1.accountId}:key/*`],
* principals: [{
* type: "AWS",
* identifiers: [`arn:aws:iam::${current2.accountId}:root`],
* }],
* },
* ],
* }));
* const testGd = new aws.guardduty.Detector("test_gd", {enable: true});
* const gdBucketAcl = new aws.s3.BucketAcl("gd_bucket_acl", {
* bucket: gdBucket.id,
* acl: "private",
* });
* const gdBucketPolicy = new aws.s3.BucketPolicy("gd_bucket_policy", {
* bucket: gdBucket.id,
* policy: bucketPol.apply(bucketPol => bucketPol.json),
* });
* const gdKey = new aws.kms.Key("gd_key", {
* description: "Temporary key for AccTest of TF",
* deletionWindowInDays: 7,
* policy: kmsPol.then(kmsPol => kmsPol.json),
* });
* const test = new aws.guardduty.PublishingDestination("test", {
* detectorId: testGd.id,
* destinationArn: gdBucket.arn,
* kmsKeyArn: gdKey.arn,
* }, {
* dependsOn: [gdBucketPolicy],
* });
* ```
*
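* > **Note:** Do not use this simple example's bucket policy and KMS key policy in a production environment; both are much too open for that use case. The `guardduty.amazonaws.com` statements carry no condition restricting which account or detector may use them (the AWS guide scopes them with condition keys such as `aws:SourceAccount` and `aws:SourceArn`), the key policy grants `kms:*` to the account root, and the bucket is created with `forceDestroy: true`. Refer to the AWS documentation here: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html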
*
* ## Import
*
* Using `pulumi import`, import GuardDuty PublishingDestination using the master GuardDuty detector ID and PublishingDestinationID. For example:
*
* ```sh
* $ pulumi import aws:guardduty/publishingDestination:PublishingDestination test a4b86f26fa42e7e7cf0d1c333ea77777:a4b86f27a0e464e4a7e0516d242f1234
* ```
*/
class PublishingDestination extends pulumi.CustomResource {
    /**
     * Look up an existing PublishingDestination by name and provider ID, optionally
     * qualified by extra state properties.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        // A populated `id` in the options is what sends the constructor down the lookup path.
        const lookupOpts = { ...opts, id };
        return new PublishingDestination(name, state, lookupOpts);
    }
    /**
     * Returns true if the given object is a PublishingDestination. The check compares the object's
     * `__pulumiType` marker with this class's marker instead of using `instanceof`, so it still
     * works when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        return obj !== undefined
            && obj !== null
            && obj['__pulumiType'] === PublishingDestination.__pulumiType;
    }
    /**
     * Create a PublishingDestination, or rehydrate one when `opts.id` is set.
     *
     * On the create path (no `opts.id`), `destinationArn`, `detectorId` and `kmsKeyArn` must all be
     * defined unless `opts.urn` is set; a missing one throws. `kmsKeyArn` being mandatory means a
     * destination cannot be declared through this class without naming a KMS key.
     * `destinationType` and `region` are passed through without validation.
     *
     * @param name The _unique_ name of the resource.
     * @param argsOrState Creation arguments, or lookup state when `opts.id` is set.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @throws {Error} When a required property is undefined on the create path.
     */
    constructor(name, argsOrState, opts) {
        opts = opts || {};
        if (!opts.id) {
            // Checked in the same order as the properties are declared; the first gap wins.
            for (const required of ["destinationArn", "detectorId", "kmsKeyArn"]) {
                if (argsOrState?.[required] === undefined && !opts.urn) {
                    throw new Error(`Missing required property '${required}'`);
                }
            }
        }
        // Both the lookup and the create path forward the same five properties.
        const resourceInputs = {
            destinationArn: argsOrState?.destinationArn,
            destinationType: argsOrState?.destinationType,
            detectorId: argsOrState?.detectorId,
            kmsKeyArn: argsOrState?.kmsKeyArn,
            region: argsOrState?.region,
        };
        const mergedOpts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        super(PublishingDestination.__pulumiType, name, resourceInputs, mergedOpts);
    }
}
/**
 * Type token for this resource: passed to the base constructor and compared by `isInstance`.
 * @internal
 */
PublishingDestination.__pulumiType = 'aws:guardduty/publishingDestination:PublishingDestination';
// Publish the class on the module's exports object.
exports.PublishingDestination = PublishingDestination;
//# sourceMappingURL=publishingDestination.js.map
;