AWS::Macie::FindingsFilter
The AWS::Macie::FindingsFilter
resource represents an individual findings
filter that you create and save to view, analyze, and manage findings. A
findings filter is a set of criteria that specifies which
findings to include in the results of a query for findings. A findings filter
can also perform specific actions on findings that meet the filter's criteria.
A Session
must exist for the account before you can create a
FindingsFilter
. Use a DependsOn attribute to ensure that the Session
is created before the other resources. For example, "DependsOn: Session"
.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Macie::FindingsFilter", "Properties" : { "Action" :
String
, "Description" :String
, "FindingCriteria" :FindingCriteria
, "Name" :String
, "Position" :Integer
} }
YAML
Type: AWS::Macie::FindingsFilter Properties: Action:
String
Description:String
FindingCriteria:FindingCriteria
Name:String
Position:Integer
Properties
Action
-
The action to perform on findings that meet the filter criteria (
FindingCriteria
). Valid values are:-
ARCHIVE - Suppress (automatically archive) the findings.
-
NOOP - Don't perform any action on the findings.
Required: No
Type: String
Update requires: No interruption
-
Description
-
A custom description of the filter. The description can contain as many as 512 characters.
We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.
Required: No
Type: String
Update requires: No interruption
FindingCriteria
-
The criteria to use to filter findings.
Required: Yes
Type: FindingCriteria
Update requires: No interruption
Name
-
A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.
We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.
Required: Yes
Type: String
Update requires: No interruption
Position
-
The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
Required: No
Type: Integer
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the ID of the FindingsFilter
. For example,
{ "Ref": "FindingsFilter" }
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt.
Examples
The following example demonstrates how to declare an
AWS::Macie::FindingsFilter
resource.
Creating a findings filter that filters by account ID
This example creates a findings filter that suppresses (automatically archives) findings that apply to AWS resources that are owned by the specified AWS account.
JSON
{ "Type": "AWS::Macie::FindingsFilter", "DependsOn": "Session", "Properties": { "Action": "ARCHIVE", "Description": "My custom findings filter", "FindingCriteria": { "Criterion": { "AccountId": { "eq": "123456789012" } } }, "Name": "MyFilterName", "Position": 1 } }
YAML
Type: AWS::Macie::FindingsFilter DependsOn: "Session" Properties: Action: ARCHIVE Description: "My custom findings filter" FindingCriteria: Criterion: "AccountID": eq: "123456789012" Name: MyFilterName Position: 1