AWS::GuardDuty::Detector - AWS CloudFormation

AWS::GuardDuty::Detector

The AWS::GuardDuty::Detector resource specifies a new Amazon GuardDuty detector. A detector is an object that represents the Amazon GuardDuty service. A detector is required for Amazon GuardDuty to become operational.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::GuardDuty::Detector", "Properties" : { "DataSources" : CFNDataSourceConfigurations, "Enable" : Boolean, "FindingPublishingFrequency" : String } }

YAML

Type: AWS::GuardDuty::Detector Properties: DataSources: CFNDataSourceConfigurations Enable: Boolean FindingPublishingFrequency: String

Properties

DataSources

Describes which data sources will be enabled for the detector.

Required: No

Type: CFNDataSourceConfigurations

Update requires: No interruption

Enable

Specifies whether the detector is to be enabled on creation.

Required: Yes

Type: Boolean

Update requires: No interruption

FindingPublishingFrequency

Specifies how frequently updated findings are exported.

Required: No

Type: String

Allowed values: FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the unique ID of the detector.

For more information about using the Ref function, see Ref.

Examples

Declare a Detector Resource

The following example shows how to declare a GuardDuty Detector resource:

JSON

"mydetector": { "Type" : "AWS::GuardDuty::Detector", "Properties" : { "Enable" : True, "FindingPublishingFrequency" : "FIFTEEN_MINUTES" } }

YAML

mydetector: Type: AWS::GuardDuty::Detector Properties: Enable: True FindingPublishingFrequency: FIFTEEN_MINUTES