AWS::GuardDuty::Detector
The AWS::GuardDuty::Detector resource specifies a new Amazon GuardDuty detector. A detector is an object that
represents the Amazon GuardDuty service. A detector is
required for Amazon GuardDuty to become operational.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::GuardDuty::Detector", "Properties" : { "DataSources" :CFNDataSourceConfigurations, "Enable" :Boolean, "FindingPublishingFrequency" :String, "Tags" :[ Tag, ... ]} }
YAML
Type: AWS::GuardDuty::Detector Properties: DataSources:CFNDataSourceConfigurationsEnable:BooleanFindingPublishingFrequency:StringTags:- Tag
Properties
DataSources-
Describes which data sources will be enabled for the detector.
Required: No
Type: CFNDataSourceConfigurations
Update requires: No interruption
Enable-
Specifies whether the detector is to be enabled on creation.
Required: Yes
Type: Boolean
Update requires: No interruption
FindingPublishingFrequency-
Specifies how frequently updated findings are exported.
Required: No
Type: String
Allowed values:
FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURSUpdate requires: No interruption
Tags-
The tags to be added to a new detector resource. Each tag consists of a key and an optional value, both of which you define.
For more information, see Tag.
Required: No
Type: List of Tag
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the unique ID of the detector.
For more information about using the Ref function, see Ref.
Examples
Declare a Detector Resource
The following example shows how to declare a GuardDuty
Detector resource:
JSON
"mydetector": { "Type" : "AWS::GuardDuty::Detector", "Properties" : { "Enable" : True, "FindingPublishingFrequency" : "FIFTEEN_MINUTES" } }
YAML
mydetector: Type: AWS::GuardDuty::Detector Properties: Enable: True FindingPublishingFrequency: FIFTEEN_MINUTES
