aws-cdk-lib
Version:
Version 2 of the AWS Cloud Development Kit library
1,021 lines • 95 kB
TypeScript
import * as cdk from "../../core/lib";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
import { DetectorReference, FilterReference, IDetectorRef, IFilterRef, IIPSetRef, IMalwareProtectionPlanRef, IMasterRef, IMemberRef, IPSetReference, IPublishingDestinationRef, IThreatEntitySetRef, IThreatIntelSetRef, ITrustedEntitySetRef, MalwareProtectionPlanReference, MasterReference, MemberReference, PublishingDestinationReference, ThreatEntitySetReference, ThreatIntelSetReference, TrustedEntitySetReference } from "../../interfaces/generated/aws-guardduty-interfaces.generated";
/**
* The `AWS::GuardDuty::Detector` resource specifies a new GuardDuty detector.
*
* A detector is an object that represents the GuardDuty service. A detector is required for GuardDuty to become operational.
*
* Make sure you use either `DataSources` or `Features` in a one request, and not both.
*
* @cloudformationResource AWS::GuardDuty::Detector
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html
*/
export declare class CfnDetector extends cdk.CfnResource implements cdk.IInspectable, IDetectorRef, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnDetector from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnDetector;
/**
* Checks whether the given object is a CfnDetector
*/
static isCfnDetector(x: any): x is CfnDetector;
/**
* Creates a new IDetectorRef from a detectorId
*/
static fromDetectorId(scope: constructs.Construct, id: string, detectorId: string): IDetectorRef;
static arnForDetector(resource: IDetectorRef): string;
/**
* The unique ID of the detector.
*
* @cloudformationAttribute Id
*/
readonly attrId: string;
/**
* Describes which data sources will be enabled for the detector.
*/
dataSources?: CfnDetector.CFNDataSourceConfigurationsProperty | cdk.IResolvable;
/**
* Specifies whether the detector is to be enabled on creation.
*/
enable: boolean | cdk.IResolvable;
/**
* A list of features that will be configured for the detector.
*/
features?: Array<CfnDetector.CFNFeatureConfigurationProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* Specifies how frequently updated findings are exported.
*/
findingPublishingFrequency?: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Specifies tags added to a new detector resource.
*/
tagsRaw?: Array<CfnDetector.TagItemProperty>;
/**
* Create a new `AWS::GuardDuty::Detector`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnDetectorProps);
get detectorRef(): DetectorReference;
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnDetector {
/**
* Describes whether S3 data event logs, Kubernetes audit logs, or Malware Protection will be enabled as a data source when the detector is created.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html
*/
interface CFNDataSourceConfigurationsProperty {
/**
* Describes which Kubernetes data sources are enabled for a detector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-kubernetes
*/
readonly kubernetes?: CfnDetector.CFNKubernetesConfigurationProperty | cdk.IResolvable;
/**
* Describes whether Malware Protection will be enabled as a data source.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-malwareprotection
*/
readonly malwareProtection?: CfnDetector.CFNMalwareProtectionConfigurationProperty | cdk.IResolvable;
/**
* Describes whether S3 data event logs are enabled as a data source.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-s3logs
*/
readonly s3Logs?: CfnDetector.CFNS3LogsConfigurationProperty | cdk.IResolvable;
}
/**
* Describes whether Malware Protection will be enabled as a data source.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnmalwareprotectionconfiguration.html
*/
interface CFNMalwareProtectionConfigurationProperty {
/**
* Describes the configuration of Malware Protection for EC2 instances with findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnmalwareprotectionconfiguration.html#cfn-guardduty-detector-cfnmalwareprotectionconfiguration-scanec2instancewithfindings
*/
readonly scanEc2InstanceWithFindings?: CfnDetector.CFNScanEc2InstanceWithFindingsConfigurationProperty | cdk.IResolvable;
}
/**
* Describes whether Malware Protection for EC2 instances with findings will be enabled as a data source.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnscanec2instancewithfindingsconfiguration.html
*/
interface CFNScanEc2InstanceWithFindingsConfigurationProperty {
/**
* Describes the configuration for scanning EBS volumes as data source.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnscanec2instancewithfindingsconfiguration.html#cfn-guardduty-detector-cfnscanec2instancewithfindingsconfiguration-ebsvolumes
*/
readonly ebsVolumes?: boolean | cdk.IResolvable;
}
/**
* Describes whether S3 data event logs will be enabled as a data source when the detector is created.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfns3logsconfiguration.html
*/
interface CFNS3LogsConfigurationProperty {
/**
* The status of S3 data event logs as a data source.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfns3logsconfiguration.html#cfn-guardduty-detector-cfns3logsconfiguration-enable
*/
readonly enable: boolean | cdk.IResolvable;
}
/**
* Describes which Kubernetes protection data sources are enabled for the detector.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesconfiguration.html
*/
interface CFNKubernetesConfigurationProperty {
/**
* Describes whether Kubernetes audit logs are enabled as a data source for the detector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesconfiguration.html#cfn-guardduty-detector-cfnkubernetesconfiguration-auditlogs
*/
readonly auditLogs: CfnDetector.CFNKubernetesAuditLogsConfigurationProperty | cdk.IResolvable;
}
/**
* Describes which optional data sources are enabled for a detector.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesauditlogsconfiguration.html
*/
interface CFNKubernetesAuditLogsConfigurationProperty {
/**
* Describes whether Kubernetes audit logs are enabled as a data source for the detector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesauditlogsconfiguration.html#cfn-guardduty-detector-cfnkubernetesauditlogsconfiguration-enable
*/
readonly enable: boolean | cdk.IResolvable;
}
/**
* Information about the configuration of a feature in your account.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html
*/
interface CFNFeatureConfigurationProperty {
/**
* Information about the additional configuration of a feature in your account.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html#cfn-guardduty-detector-cfnfeatureconfiguration-additionalconfiguration
*/
readonly additionalConfiguration?: Array<CfnDetector.CFNFeatureAdditionalConfigurationProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* Name of the feature.
*
* For a list of allowed values, see [DetectorFeatureConfiguration](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DetectorFeatureConfiguration.html#guardduty-Type-DetectorFeatureConfiguration-name) in the *GuardDuty API Reference* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html#cfn-guardduty-detector-cfnfeatureconfiguration-name
*/
readonly name: string;
/**
* Status of the feature configuration.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html#cfn-guardduty-detector-cfnfeatureconfiguration-status
*/
readonly status: string;
}
/**
* Information about the additional configuration of a feature in your account.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureadditionalconfiguration.html
*/
interface CFNFeatureAdditionalConfigurationProperty {
/**
* Name of the additional configuration.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureadditionalconfiguration.html#cfn-guardduty-detector-cfnfeatureadditionalconfiguration-name
*/
readonly name?: string;
/**
* Status of the additional configuration.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureadditionalconfiguration.html#cfn-guardduty-detector-cfnfeatureadditionalconfiguration-status
*/
readonly status?: string;
}
/**
* Describes a tag.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html
*/
interface TagItemProperty {
/**
* The tag key.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html#cfn-guardduty-detector-tagitem-key
*/
readonly key: string;
/**
* The tag value.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html#cfn-guardduty-detector-tagitem-value
*/
readonly value: string;
}
}
/**
* Properties for defining a `CfnDetector`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html
*/
export interface CfnDetectorProps {
/**
* Describes which data sources will be enabled for the detector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-datasources
*/
readonly dataSources?: CfnDetector.CFNDataSourceConfigurationsProperty | cdk.IResolvable;
/**
* Specifies whether the detector is to be enabled on creation.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-enable
*/
readonly enable: boolean | cdk.IResolvable;
/**
* A list of features that will be configured for the detector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-features
*/
readonly features?: Array<CfnDetector.CFNFeatureConfigurationProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* Specifies how frequently updated findings are exported.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-findingpublishingfrequency
*/
readonly findingPublishingFrequency?: string;
/**
* Specifies tags added to a new detector resource.
*
* Each tag consists of a key and an optional value, both of which you define.
*
* Currently, support is available only for creating and deleting a tag. No support exists for updating the tags.
*
* For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-tags
*/
readonly tags?: Array<CfnDetector.TagItemProperty>;
}
/**
* The `AWS::GuardDuty::Filter` resource specifies a new filter defined by the provided `findingCriteria` .
*
* @cloudformationResource AWS::GuardDuty::Filter
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html
*/
export declare class CfnFilter extends cdk.CfnResource implements cdk.IInspectable, IFilterRef, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnFilter from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnFilter;
/**
* Checks whether the given object is a CfnFilter
*/
static isCfnFilter(x: any): x is CfnFilter;
/**
* Specifies the action that is to be applied to the findings that match the filter.
*/
action?: string;
/**
* The description of the filter.
*/
description?: string;
/**
* The detector ID associated with the GuardDuty account for which you want to create a filter.
*/
detectorId: string;
/**
* Represents the criteria to be used in the filter for querying findings.
*/
findingCriteria: CfnFilter.FindingCriteriaProperty | cdk.IResolvable;
/**
* The name of the filter.
*/
name: string;
/**
* Specifies the position of the filter in the list of current filters.
*/
rank?: number;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* The tags to be added to a new filter resource.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Create a new `AWS::GuardDuty::Filter`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnFilterProps);
get filterRef(): FilterReference;
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnFilter {
/**
* Represents a map of finding properties that match specified conditions and values when querying findings.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html
*/
interface FindingCriteriaProperty {
/**
* Represents a map of finding properties that match specified conditions and values when querying findings.
*
* For information about JSON criterion mapping to their console equivalent, see [Finding criteria](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria) . The following are the available criterion:
*
* - accountId
* - id
* - region
* - severity
*
* To filter on the basis of severity, the API and AWS CLI use the following input list for the `FindingCriteria` condition:
*
* - *Low* : `["1", "2", "3"]`
* - *Medium* : `["4", "5", "6"]`
* - *High* : `["7", "8", "9"]`
*
* For more information, see [Severity levels for GuardDuty findings](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity) in the *Amazon GuardDuty User Guide* .
* - type
* - updatedAt
*
* Type: ISO 8601 string format: `YYYY-MM-DDTHH:MM:SS.SSSZ` or `YYYY-MM-DDTHH:MM:SSZ` depending on whether the value contains milliseconds.
* - resource.accessKeyDetails.accessKeyId
* - resource.accessKeyDetails.principalId
* - resource.accessKeyDetails.userName
* - resource.accessKeyDetails.userType
* - resource.instanceDetails.iamInstanceProfile.id
* - resource.instanceDetails.imageId
* - resource.instanceDetails.instanceId
* - resource.instanceDetails.tags.key
* - resource.instanceDetails.tags.value
* - resource.instanceDetails.networkInterfaces.ipv6Addresses
* - resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
* - resource.instanceDetails.networkInterfaces.publicDnsName
* - resource.instanceDetails.networkInterfaces.publicIp
* - resource.instanceDetails.networkInterfaces.securityGroups.groupId
* - resource.instanceDetails.networkInterfaces.securityGroups.groupName
* - resource.instanceDetails.networkInterfaces.subnetId
* - resource.instanceDetails.networkInterfaces.vpcId
* - resource.instanceDetails.outpostArn
* - resource.resourceType
* - resource.s3BucketDetails.publicAccess.effectivePermissions
* - resource.s3BucketDetails.name
* - resource.s3BucketDetails.tags.key
* - resource.s3BucketDetails.tags.value
* - resource.s3BucketDetails.type
* - service.action.actionType
* - service.action.awsApiCallAction.api
* - service.action.awsApiCallAction.callerType
* - service.action.awsApiCallAction.errorCode
* - service.action.awsApiCallAction.remoteIpDetails.city.cityName
* - service.action.awsApiCallAction.remoteIpDetails.country.countryName
* - service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
* - service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
* - service.action.awsApiCallAction.remoteIpDetails.organization.asn
* - service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
* - service.action.awsApiCallAction.serviceName
* - service.action.dnsRequestAction.domain
* - service.action.dnsRequestAction.domainWithSuffix
* - service.action.networkConnectionAction.blocked
* - service.action.networkConnectionAction.connectionDirection
* - service.action.networkConnectionAction.localPortDetails.port
* - service.action.networkConnectionAction.protocol
* - service.action.networkConnectionAction.remoteIpDetails.city.cityName
* - service.action.networkConnectionAction.remoteIpDetails.country.countryName
* - service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
* - service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
* - service.action.networkConnectionAction.remoteIpDetails.organization.asn
* - service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
* - service.action.networkConnectionAction.remotePortDetails.port
* - service.action.awsApiCallAction.remoteAccountDetails.affiliated
* - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
* - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
* - service.action.kubernetesApiCallAction.namespace
* - service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
* - service.action.kubernetesApiCallAction.requestUri
* - service.action.kubernetesApiCallAction.statusCode
* - service.action.networkConnectionAction.localIpDetails.ipAddressV4
* - service.action.networkConnectionAction.localIpDetails.ipAddressV6
* - service.action.networkConnectionAction.protocol
* - service.action.awsApiCallAction.serviceName
* - service.action.awsApiCallAction.remoteAccountDetails.accountId
* - service.additionalInfo.threatListName
* - service.resourceRole
* - resource.eksClusterDetails.name
* - resource.kubernetesDetails.kubernetesWorkloadDetails.name
* - resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
* - resource.kubernetesDetails.kubernetesUserDetails.username
* - resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
* - resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
* - service.ebsVolumeScanDetails.scanId
* - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
* - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
* - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
* - service.malwareScanDetails.threats.name
* - resource.ecsClusterDetails.name
* - resource.ecsClusterDetails.taskDetails.containers.image
* - resource.ecsClusterDetails.taskDetails.definitionArn
* - resource.containerDetails.image
* - resource.rdsDbInstanceDetails.dbInstanceIdentifier
* - resource.rdsDbInstanceDetails.dbClusterIdentifier
* - resource.rdsDbInstanceDetails.engine
* - resource.rdsDbUserDetails.user
* - resource.rdsDbInstanceDetails.tags.key
* - resource.rdsDbInstanceDetails.tags.value
* - service.runtimeDetails.process.executableSha256
* - service.runtimeDetails.process.name
* - service.runtimeDetails.process.name
* - resource.lambdaDetails.functionName
* - resource.lambdaDetails.functionArn
* - resource.lambdaDetails.tags.key
* - resource.lambdaDetails.tags.value
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html#cfn-guardduty-filter-findingcriteria-criterion
*/
readonly criterion?: any | cdk.IResolvable;
/**
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html#cfn-guardduty-filter-findingcriteria-itemtype
*/
readonly itemType?: CfnFilter.ConditionProperty | cdk.IResolvable;
}
/**
* Specifies the condition to apply to a single field when filtering through GuardDuty findings.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html
*/
interface ConditionProperty {
/**
* Represents the equal condition to apply to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-eq
*/
readonly eq?: Array<string>;
/**
* Represents an *equal* ** condition to be applied to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-equals
*/
readonly equalTo?: Array<string>;
/**
* Represents a *greater than* condition to be applied to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-greaterthan
*/
readonly greaterThan?: number;
/**
* Represents a *greater than or equal* condition to be applied to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-greaterthanorequal
*/
readonly greaterThanOrEqual?: number;
/**
* Represents a *greater than* condition to be applied to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-gt
*/
readonly gt?: number;
/**
* Represents the greater than or equal condition to apply to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-gte
*/
readonly gte?: number;
/**
* Represents a *less than* condition to be applied to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lessthan
*/
readonly lessThan?: number;
/**
* Represents a *less than or equal* condition to be applied to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lessthanorequal
*/
readonly lessThanOrEqual?: number;
/**
* Represents the less than condition to apply to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lt
*/
readonly lt?: number;
/**
* Represents the less than or equal condition to apply to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lte
*/
readonly lte?: number;
/**
* Represents the not equal condition to apply to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-neq
*/
readonly neq?: Array<string>;
/**
* Represents a *not equal* ** condition to be applied to a single field when querying for findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-notequals
*/
readonly notEquals?: Array<string>;
}
}
/**
* Properties for defining a `CfnFilter`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html
*/
export interface CfnFilterProps {
/**
* Specifies the action that is to be applied to the findings that match the filter.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-action
*/
readonly action?: string;
/**
* The description of the filter.
*
* Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ( `{ }` , `[ ]` , and `( )` ), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-description
*/
readonly description?: string;
/**
* The detector ID associated with the GuardDuty account for which you want to create a filter.
*
* To find the `detectorId` in the current Region, see the
* Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-detectorid
*/
readonly detectorId: string;
/**
* Represents the criteria to be used in the filter for querying findings.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-findingcriteria
*/
readonly findingCriteria: CfnFilter.FindingCriteriaProperty | cdk.IResolvable;
/**
* The name of the filter.
*
* Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-name
*/
readonly name: string;
/**
* Specifies the position of the filter in the list of current filters.
*
* Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100.
*
* By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, [DependsOn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) , with the following syntax: `"DependsOn":[ "ObjectName" ]` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-rank
*/
readonly rank?: number;
/**
* The tags to be added to a new filter resource.
*
* Each tag consists of a key and an optional value, both of which you define.
*
* For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-tags
*/
readonly tags?: Array<cdk.CfnTag>;
}
/**
* The `AWS::GuardDuty::IPSet` resource helps you create a list of trusted IP addresses that you can use for secure communication with AWS infrastructure and applications.
*
* Once you activate this list, GuardDuty will not generate findings when there is an activity associated with these safe IP addresses.
*
* Only the users of the GuardDuty administrator account can manage this list. These settings are also applied to the member accounts.
*
* @cloudformationResource AWS::GuardDuty::IPSet
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html
*/
export declare class CfnIPSet extends cdk.CfnResource implements cdk.IInspectable, IIPSetRef, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnIPSet from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnIPSet;
/**
* Checks whether the given object is a CfnIPSet
*/
static isCfnIPSet(x: any): x is CfnIPSet;
/**
* @cloudformationAttribute Id
*/
readonly attrId: string;
/**
* A boolean value that determines if GuardDuty can start using this list for custom threat detection.
*/
activate?: boolean | cdk.IResolvable;
/**
* The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.
*/
detectorId?: string;
/**
* The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.
*/
expectedBucketOwner?: string;
/**
* The format of the file that contains the IPSet.
*/
format: string;
/**
* The URI of the file that contains the IPSet.
*/
location: string;
/**
* The user-friendly name to identify the IPSet.
*/
name?: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* The tags to be added to a new threat entity set resource.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Create a new `AWS::GuardDuty::IPSet`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnIPSetProps);
get ipSetRef(): IPSetReference;
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnIPSet`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html
*/
export interface CfnIPSetProps {
/**
* A boolean value that determines if GuardDuty can start using this list for custom threat detection.
*
* For GuardDuty to prevent generating findings based on an activity associated with these entries, this list must be active.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-activate
*/
readonly activate?: boolean | cdk.IResolvable;
/**
* The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.
*
* To find the `detectorId` in the current Region, see the
* Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-detectorid
*/
readonly detectorId?: string;
/**
* The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.
*
* When you provide this account ID, GuardDuty will validate that the S3 bucket belongs to this account. If you don't specify an account ID owner, GuardDuty doesn't perform any validation.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-expectedbucketowner
*/
readonly expectedBucketOwner?: string;
/**
* The format of the file that contains the IPSet.
*
* For information about supported formats, see [List formats](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list) in the *Amazon GuardDuty User Guide* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-format
*/
readonly format: string;
/**
* The URI of the file that contains the IPSet.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-location
*/
readonly location: string;
/**
* The user-friendly name to identify the IPSet.
*
* The name of your list must be unique within an AWS account and Region. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-name
*/
readonly name?: string;
/**
* The tags to be added to a new threat entity set resource.
*
* Each tag consists of a key and an optional value, both of which you define.
*
* For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-tags
*/
readonly tags?: Array<cdk.CfnTag>;
}
/**
* You can use the `AWS::GuardDuty::Master` resource in a GuardDuty member account to accept an invitation from a GuardDuty administrator account.
*
* The invitation to the member account must be sent prior to using the `AWS::GuardDuty::Master` resource to accept the administrator account's invitation. You can invite a member account by using the `InviteMembers` operation of the GuardDuty API, or by creating an `AWS::GuardDuty::Member` resource.
*
* @cloudformationResource AWS::GuardDuty::Master
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html
*/
export declare class CfnMaster extends cdk.CfnResource implements cdk.IInspectable, IMasterRef {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnMaster from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnMaster;
/**
* Checks whether the given object is a CfnMaster
*/
static isCfnMaster(x: any): x is CfnMaster;
/**
* The unique ID of the detector of the GuardDuty member account.
*/
detectorId: string;
/**
* The ID of the invitation that is sent to the account designated as a member account.
*/
invitationId?: string;
/**
* The AWS account ID of the account designated as the GuardDuty administrator account.
*/
masterId: string;
/**
* Create a new `AWS::GuardDuty::Master`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnMasterProps);
get masterRef(): MasterReference;
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnMaster`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html
*/
export interface CfnMasterProps {
/**
* The unique ID of the detector of the GuardDuty member account.
*
* To find the `detectorId` in the current Region, see the
* Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-detectorid
*/
readonly detectorId: string;
/**
* The ID of the invitation that is sent to the account designated as a member account.
*
* You can find the invitation ID by running the [ListInvitations](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListInvitations.html) in the *GuardDuty API Reference* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-invitationid
*/
readonly invitationId?: string;
/**
* The AWS account ID of the account designated as the GuardDuty administrator account.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-masterid
*/
readonly masterId: string;
}
/**
* You can use the `AWS::GuardDuty::Member` resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account.
*
* If the value of the `Status` property is not provided or is set to `Created` , a member account is created but not invited. If the value of the `Status` property is set to `Invited` , a member account is created and invited. An `AWS::GuardDuty::Member` resource must be created with the `Status` property set to `Invited` before the `AWS::GuardDuty::Master` resource can be created in a GuardDuty member account.
*
* @cloudformationResource AWS::GuardDuty::Member
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html
*/
export declare class CfnMember extends cdk.CfnResource implements cdk.IInspectable, IMemberRef {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnMember from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnMember;
/**
* Checks whether the given object is a CfnMember
*/
static isCfnMember(x: any): x is CfnMember;
/**
* The ID of the detector associated with the GuardDuty service to add the member to.
*/
detectorId?: string;
/**
* Specifies whether or not to disable email notification for the member account that you invite.
*/
disableEmailNotification?: boolean | cdk.IResolvable;
/**
* The email address associated with the member account.
*/
email: string;
/**
* The AWS account ID of the account to designate as a member.
*/
memberId?: string;
/**
* The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
*/
message?: string;
/**
* You can use the `Status` property to update the status of the relationship between the member account and its administrator account.
*/
status?: string;
/**
* Create a new `AWS::GuardDuty::Member`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnMemberProps);
get memberRef(): MemberReference;
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnMember`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html
*/
export interface CfnMemberProps {
/**
* The ID of the detector associated with the GuardDuty service to add the member to.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-detectorid
*/
readonly detectorId?: string;
/**
* Specifies whether or not to disable email notification for the member account that you invite.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-disableemailnotification
*/
readonly disableEmailNotification?: boolean | cdk.IResolvable;
/**
* The email address associated with the member account.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-email
*/
readonly email: string;
/**
* The AWS account ID of the account to designate as a member.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-memberid
*/
readonly memberId?: string;
/**
* The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-message
*/
readonly message?: string;
/**
* You can use the `Status` property to update the status of the relationship between the member account and its administrator account.
*
* Valid values are `Created` and `Invited` when using an `AWS::GuardDuty::Member` resource. If the value for this property is not provided or set to `Created` , a member account is created but not invited. If the value of this property is set to `Invited` , a member account is created and invited.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-status
*/
readonly status?: string;
}
/**
* The `AWS::GuardDuty::ThreatIntelSet` resource helps you create a list of known malicious IP addresses in your AWS environment.
*
* Once you activate this list, GuardDuty will use list the entries in this list as an additional source for threat detection and generate findings when there is an activity associated with these known malicious IP addresses. G