AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::GuardDuty::IPSet

The AWS::GuardDuty::IPSet resource creates an Amazon GuardDuty IP set. An IP set is a list of trusted IP addresses that have been whitelisted for secure communication with your AWS environment.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::GuardDuty::IPSet",
  "Properties" : {
    "Activate" : Boolean,
    "DetectorId" : String,
    "Format" : String,
    "Location" : String,
    "Name" : String
  }
}

YAML

Type: "AWS::GuardDuty::IPSet"
Properties:
  Activate: Boolean
  DetectorId: String
  Format: String
  Location: String
  Name: String

Properties

Activate

A Boolean value that indicates whether GuardDuty is to start using the uploaded IP set.

Required: Yes

Type: Boolean

Update requires: No interruption

DetectorId

The detector ID that specifies the GuardDuty service for which an IP set is to be created.

Required: Yes

Type: String

Update requires: Replacement

Format

The format of the file that contains the IP set. Valid values are TXT, STIX, and OTX_CSV.

Required: Yes

Type: String

Update requires: Replacement

Location

The URI of the file that contains the IP set.

Required: Yes

Type: String

Update requires: No interruption

Name

The friendly name to identify the IP set. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IP set.

Required: No

Type: String

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of an AWS::GuardDuty::IPSet resource to the intrinsic Ref function, the function returns the unique ID of the created IP set.

For more information about using the Ref function, see Ref.

Examples

Declaring a GuardDuty IPSet Resource

The following example shows how to declare an AWS::GuardDuty::IPSet resource to create a GuardDuty IP set.

JSON

"myipset": {
  "Type": "AWS::GuardDuty::IPSet",
  "Properties": {
    "Activate": true,
    "DetectorId": "12abc34d567e8f4912ab3d45e67891f2",
    "Format": "TXT",
    "Location": "https://s3-us-west-2.amazonaws.com/mybucket/myipset.txt",
    "Name": "MyIPSet"
  }
}

YAML

myipset:
  Type: "AWS::GuardDuty::IPSet"
  Properties:
    Activate: true
    DetectorId: "12abc34d567e8f4912ab3d45e67891f2"
    Format: "TXT"
    Location: "https://s3-us-west-2.amazonaws.com/mybucket/myipset.txt"
    Name: "MyIPSet"
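
Wiring the IP Set to a Detector in the Same Stack

The following is an added example, not part of the original AWS documentation. It is a complete template that creates the detector in the same stack and passes its ID with Ref instead of hard-coding DetectorId, takes Activate and Location as parameters so the list can be staged inactive and switched on later, and outputs the IP set ID that Ref returns. The AWS::GuardDuty::Detector resource and the names mydetector, IPSetLocation, ActivateIPSet, and IPSetId are assumptions that do not appear on this page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: GuardDuty detector with a trusted IP set (added example)

Parameters:
  # Hypothetical parameter: URI of the file that contains the IP set.
  # Location updates with no interruption, so the list can be repointed in place.
  IPSetLocation:
    Type: String
    Default: "https://s3-us-west-2.amazonaws.com/mybucket/myipset.txt"
  # Hypothetical parameter: deploy with "false" to stage the list,
  # then update the stack with "true" once the file has been reviewed.
  # Activate also updates with no interruption.
  ActivateIPSet:
    Type: String
    AllowedValues: ["true", "false"]
    Default: "false"

Resources:
  # Assumption: the detector is managed in this stack. If it already exists,
  # drop this resource and supply the detector ID to DetectorId directly.
  mydetector:
    Type: "AWS::GuardDuty::Detector"
    Properties:
      Enable: true

  myipset:
    Type: "AWS::GuardDuty::IPSet"
    Properties:
      Activate: !Ref ActivateIPSet
      # Changing DetectorId or Format requires replacement of the IP set,
      # so anything that stored the old IP set ID must be updated afterwards.
      DetectorId: !Ref mydetector
      Format: "TXT"
      Location: !Ref IPSetLocation
      Name: "MyIPSet"

Outputs:
  # Ref on the IP set returns the unique ID of the created IP set.
  IPSetId:
    Description: ID of the GuardDuty IP set
    Value: !Ref myipset
```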