AWS SDK for PHP 3.x

Namespaces

  • Aws
    • AccessAnalyzer
      • Exception
    • Account
      • Exception
    • Acm
      • Exception
    • ACMPCA
      • Exception
    • AlexaForBusiness
      • Exception
    • Amplify
      • Exception
    • AmplifyBackend
      • Exception
    • AmplifyUIBuilder
      • Exception
    • Api
      • ErrorParser
      • Parser
        • Exception
      • Serializer
    • ApiGateway
      • Exception
    • ApiGatewayManagementApi
      • Exception
    • ApiGatewayV2
      • Exception
    • AppConfig
      • Exception
    • AppConfigData
      • Exception
    • Appflow
      • Exception
    • AppIntegrationsService
      • Exception
    • ApplicationAutoScaling
      • Exception
    • ApplicationCostProfiler
      • Exception
    • ApplicationDiscoveryService
      • Exception
    • ApplicationInsights
      • Exception
    • AppMesh
      • Exception
    • AppRegistry
      • Exception
    • AppRunner
      • Exception
    • Appstream
      • Exception
    • AppSync
      • Exception
    • Arn
      • Exception
    • Athena
      • Exception
    • AuditManager
      • Exception
    • AugmentedAIRuntime
      • Exception
    • AutoScaling
      • Exception
    • AutoScalingPlans
      • Exception
    • Backup
      • Exception
    • BackupGateway
      • Exception
    • Batch
      • Exception
    • BillingConductor
      • Exception
    • Braket
      • Exception
    • Budgets
      • Exception
    • Chime
      • Exception
    • ChimeSDKIdentity
      • Exception
    • ChimeSDKMediaPipelines
      • Exception
    • ChimeSDKMeetings
      • Exception
    • ChimeSDKMessaging
      • Exception
    • ClientSideMonitoring
      • Exception
    • Cloud9
      • Exception
    • CloudControlApi
      • Exception
    • CloudDirectory
      • Exception
    • CloudFormation
      • Exception
    • CloudFront
      • Exception
    • CloudHsm
      • Exception
    • CloudHSMV2
      • Exception
    • CloudSearch
      • Exception
    • CloudSearchDomain
      • Exception
    • CloudTrail
      • Exception
    • CloudWatch
      • Exception
    • CloudWatchEvents
      • Exception
    • CloudWatchEvidently
      • Exception
    • CloudWatchLogs
      • Exception
    • CloudWatchRUM
      • Exception
    • CodeArtifact
      • Exception
    • CodeBuild
      • Exception
    • CodeCommit
      • Exception
    • CodeDeploy
      • Exception
    • CodeGuruProfiler
      • Exception
    • CodeGuruReviewer
      • Exception
    • CodePipeline
      • Exception
    • CodeStar
      • Exception
    • CodeStarconnections
      • Exception
    • CodeStarNotifications
      • Exception
    • CognitoIdentity
      • Exception
    • CognitoIdentityProvider
      • Exception
    • CognitoSync
      • Exception
    • Comprehend
      • Exception
    • ComprehendMedical
      • Exception
    • ComputeOptimizer
      • Exception
    • ConfigService
      • Exception
    • Connect
      • Exception
    • ConnectContactLens
      • Exception
    • ConnectParticipant
      • Exception
    • ConnectWisdomService
      • Exception
    • CostandUsageReportService
      • Exception
    • CostExplorer
      • Exception
    • Credentials
    • Crypto
      • Cipher
      • Polyfill
    • CustomerProfiles
      • Exception
    • DatabaseMigrationService
      • Exception
    • DataExchange
      • Exception
    • DataPipeline
      • Exception
    • DataSync
      • Exception
    • DAX
      • Exception
    • DefaultsMode
      • Exception
    • Detective
      • Exception
    • DeviceFarm
      • Exception
    • DevOpsGuru
      • Exception
    • DirectConnect
      • Exception
    • DirectoryService
      • Exception
    • DLM
      • Exception
    • DocDB
      • Exception
    • drs
      • Exception
    • DynamoDb
      • Exception
    • DynamoDbStreams
      • Exception
    • EBS
      • Exception
    • Ec2
      • Exception
    • EC2InstanceConnect
      • Exception
    • Ecr
      • Exception
    • ECRPublic
      • Exception
    • Ecs
      • Exception
    • Efs
      • Exception
    • EKS
      • Exception
    • ElastiCache
      • Exception
    • ElasticBeanstalk
      • Exception
    • ElasticInference
      • Exception
    • ElasticLoadBalancing
      • Exception
    • ElasticLoadBalancingV2
      • Exception
    • ElasticsearchService
      • Exception
    • ElasticTranscoder
      • Exception
    • Emr
      • Exception
    • EMRContainers
      • Exception
    • Endpoint
      • UseDualstackEndpoint
        • Exception
      • UseFipsEndpoint
        • Exception
    • EndpointDiscovery
      • Exception
    • EventBridge
      • Exception
    • Exception
    • finspace
      • Exception
    • FinSpaceData
      • Exception
    • Firehose
      • Exception
    • FIS
      • Exception
    • FMS
      • Exception
    • ForecastQueryService
      • Exception
    • ForecastService
      • Exception
    • FraudDetector
      • Exception
    • FSx
      • Exception
    • GameLift
      • Exception
    • GameSparks
      • Exception
    • Glacier
      • Exception
    • GlobalAccelerator
      • Exception
    • Glue
      • Exception
    • GlueDataBrew
      • Exception
    • Greengrass
      • Exception
    • GreengrassV2
      • Exception
    • GroundStation
      • Exception
    • GuardDuty
      • Exception
    • Handler
      • GuzzleV5
      • GuzzleV6
    • Health
      • Exception
    • HealthLake
      • Exception
    • Honeycode
      • Exception
    • Iam
      • Exception
    • IdentityStore
      • Exception
    • imagebuilder
      • Exception
    • ImportExport
      • Exception
    • Inspector
      • Exception
    • Inspector2
      • Exception
    • Iot
      • Exception
    • IoT1ClickDevicesService
      • Exception
    • IoT1ClickProjects
      • Exception
    • IoTAnalytics
      • Exception
    • IotDataPlane
      • Exception
    • IoTDeviceAdvisor
      • Exception
    • IoTEvents
      • Exception
    • IoTEventsData
      • Exception
    • IoTFleetHub
      • Exception
    • IoTJobsDataPlane
      • Exception
    • IoTSecureTunneling
      • Exception
    • IoTSiteWise
      • Exception
    • IoTThingsGraph
      • Exception
    • IoTTwinMaker
      • Exception
    • IoTWireless
      • Exception
    • IVS
      • Exception
    • ivschat
      • Exception
    • Kafka
      • Exception
    • KafkaConnect
      • Exception
    • kendra
      • Exception
    • Keyspaces
      • Exception
    • Kinesis
      • Exception
    • KinesisAnalytics
      • Exception
    • KinesisAnalyticsV2
      • Exception
    • KinesisVideo
      • Exception
    • KinesisVideoArchivedMedia
      • Exception
    • KinesisVideoMedia
      • Exception
    • KinesisVideoSignalingChannels
      • Exception
    • Kms
      • Exception
    • LakeFormation
      • Exception
    • Lambda
      • Exception
    • LexModelBuildingService
      • Exception
    • LexModelsV2
      • Exception
    • LexRuntimeService
      • Exception
    • LexRuntimeV2
      • Exception
    • LicenseManager
      • Exception
    • Lightsail
      • Exception
    • LocationService
      • Exception
    • LookoutEquipment
      • Exception
    • LookoutforVision
      • Exception
    • LookoutMetrics
      • Exception
    • MachineLearning
      • Exception
    • Macie
      • Exception
    • Macie2
      • Exception
    • ManagedBlockchain
      • Exception
    • ManagedGrafana
      • Exception
    • MarketplaceCatalog
      • Exception
    • MarketplaceCommerceAnalytics
      • Exception
    • MarketplaceEntitlementService
      • Exception
    • MarketplaceMetering
      • Exception
    • MediaConnect
      • Exception
    • MediaConvert
      • Exception
    • MediaLive
      • Exception
    • MediaPackage
      • Exception
    • MediaPackageVod
      • Exception
    • MediaStore
      • Exception
    • MediaStoreData
      • Exception
    • MediaTailor
      • Exception
    • MemoryDB
      • Exception
    • mgn
      • Exception
    • MigrationHub
      • Exception
    • MigrationHubConfig
      • Exception
    • MigrationHubRefactorSpaces
      • Exception
    • MigrationHubStrategyRecommendations
      • Exception
    • Mobile
      • Exception
    • MQ
      • Exception
    • MTurk
      • Exception
    • Multipart
    • MWAA
      • Exception
    • Neptune
      • Exception
    • NetworkFirewall
      • Exception
    • NetworkManager
      • Exception
    • NimbleStudio
      • Exception
    • OpenSearchService
      • Exception
    • OpsWorks
      • Exception
    • OpsWorksCM
      • Exception
    • Organizations
      • Exception
    • Outposts
      • Exception
    • Panorama
      • Exception
    • Personalize
      • Exception
    • PersonalizeEvents
      • Exception
    • PersonalizeRuntime
      • Exception
    • PI
      • Exception
    • Pinpoint
      • Exception
    • PinpointEmail
      • Exception
    • PinpointSMSVoice
      • Exception
    • PinpointSMSVoiceV2
      • Exception
    • Polly
      • Exception
    • Pricing
      • Exception
    • PrometheusService
      • Exception
    • Proton
      • Exception
    • QLDB
      • Exception
    • QLDBSession
      • Exception
    • QuickSight
      • Exception
    • RAM
      • Exception
    • Rds
      • Exception
    • RDSDataService
      • Exception
    • RecycleBin
      • Exception
    • Redshift
      • Exception
    • RedshiftDataAPIService
      • Exception
    • Rekognition
      • Exception
    • ResilienceHub
      • Exception
    • ResourceGroups
      • Exception
    • ResourceGroupsTaggingAPI
      • Exception
    • Retry
      • Exception
    • RoboMaker
      • Exception
    • Route53
      • Exception
    • Route53Domains
      • Exception
    • Route53RecoveryCluster
      • Exception
    • Route53RecoveryControlConfig
      • Exception
    • Route53RecoveryReadiness
      • Exception
    • Route53Resolver
      • Exception
    • S3
      • Crypto
      • Exception
      • RegionalEndpoint
        • Exception
      • UseArnRegion
        • Exception
    • S3Control
      • Exception
    • S3Outposts
      • Exception
    • SageMaker
      • Exception
    • SagemakerEdgeManager
      • Exception
    • SageMakerFeatureStoreRuntime
      • Exception
    • SageMakerRuntime
      • Exception
    • SavingsPlans
      • Exception
    • Schemas
      • Exception
    • SecretsManager
      • Exception
    • SecurityHub
      • Exception
    • ServerlessApplicationRepository
      • Exception
    • ServiceCatalog
      • Exception
    • ServiceDiscovery
      • Exception
    • ServiceQuotas
      • Exception
    • Ses
      • Exception
    • SesV2
      • Exception
    • Sfn
      • Exception
    • Shield
      • Exception
    • Signature
    • signer
      • Exception
    • Sms
      • Exception
    • SnowBall
      • Exception
    • SnowDeviceManagement
      • Exception
    • Sns
      • Exception
    • Sqs
      • Exception
    • Ssm
      • Exception
    • SSMContacts
      • Exception
    • SSMIncidents
      • Exception
    • SSO
      • Exception
    • SSOAdmin
      • Exception
    • SSOOIDC
      • Exception
    • StorageGateway
      • Exception
    • Sts
      • Exception
      • RegionalEndpoints
        • Exception
    • Support
      • Exception
    • Swf
      • Exception
    • Synthetics
      • Exception
    • Textract
      • Exception
    • TimestreamQuery
      • Exception
    • TimestreamWrite
      • Exception
    • TranscribeService
      • Exception
    • Transfer
      • Exception
    • Translate
      • Exception
    • VoiceID
      • Exception
    • Waf
      • Exception
    • WafRegional
      • Exception
    • WAFV2
      • Exception
    • WellArchitected
      • Exception
    • WorkDocs
      • Exception
    • WorkLink
      • Exception
    • WorkMail
      • Exception
    • WorkMailMessageFlow
      • Exception
    • WorkSpaces
      • Exception
    • WorkSpacesWeb
      • Exception
    • XRay
      • Exception
  • GuzzleHttp
    • Promise
    • Psr7
  • Psr
    • Http
      • Message

Classes

  • Aws\AbstractConfigurationProvider
  • Aws\AccessAnalyzer\AccessAnalyzerClient
  • Aws\Account\AccountClient
  • Aws\Acm\AcmClient
  • Aws\ACMPCA\ACMPCAClient
  • Aws\AlexaForBusiness\AlexaForBusinessClient
  • Aws\Amplify\AmplifyClient
  • Aws\AmplifyBackend\AmplifyBackendClient
  • Aws\AmplifyUIBuilder\AmplifyUIBuilderClient
  • Aws\Api\AbstractModel
  • Aws\Api\ApiProvider
  • Aws\Api\DateTimeResult
  • Aws\Api\DocModel
  • Aws\Api\ErrorParser\AbstractErrorParser
  • Aws\Api\ErrorParser\JsonRpcErrorParser
  • Aws\Api\ErrorParser\RestJsonErrorParser
  • Aws\Api\ErrorParser\XmlErrorParser
  • Aws\Api\ListShape
  • Aws\Api\MapShape
  • Aws\Api\Operation
  • Aws\Api\Parser\Crc32ValidatingParser
  • Aws\Api\Parser\DecodingEventStreamIterator
  • Aws\Api\Parser\EventParsingIterator
  • Aws\Api\Parser\JsonParser
  • Aws\Api\Parser\JsonRpcParser
  • Aws\Api\Parser\QueryParser
  • Aws\Api\Parser\RestJsonParser
  • Aws\Api\Parser\RestXmlParser
  • Aws\Api\Parser\XmlParser
  • Aws\Api\Serializer\XmlBody
  • Aws\Api\Service
  • Aws\Api\Shape
  • Aws\Api\ShapeMap
  • Aws\Api\StructureShape
  • Aws\Api\TimestampShape
  • Aws\Api\Validator
  • Aws\ApiGateway\ApiGatewayClient
  • Aws\ApiGatewayManagementApi\ApiGatewayManagementApiClient
  • Aws\ApiGatewayV2\ApiGatewayV2Client
  • Aws\AppConfig\AppConfigClient
  • Aws\AppConfigData\AppConfigDataClient
  • Aws\Appflow\AppflowClient
  • Aws\AppIntegrationsService\AppIntegrationsServiceClient
  • Aws\ApplicationAutoScaling\ApplicationAutoScalingClient
  • Aws\ApplicationCostProfiler\ApplicationCostProfilerClient
  • Aws\ApplicationDiscoveryService\ApplicationDiscoveryServiceClient
  • Aws\ApplicationInsights\ApplicationInsightsClient
  • Aws\AppMesh\AppMeshClient
  • Aws\AppRegistry\AppRegistryClient
  • Aws\AppRunner\AppRunnerClient
  • Aws\Appstream\AppstreamClient
  • Aws\AppSync\AppSyncClient
  • Aws\Athena\AthenaClient
  • Aws\AuditManager\AuditManagerClient
  • Aws\AugmentedAIRuntime\AugmentedAIRuntimeClient
  • Aws\AutoScaling\AutoScalingClient
  • Aws\AutoScalingPlans\AutoScalingPlansClient
  • Aws\AwsClient
  • Aws\Backup\BackupClient
  • Aws\BackupGateway\BackupGatewayClient
  • Aws\Batch\BatchClient
  • Aws\BillingConductor\BillingConductorClient
  • Aws\Braket\BraketClient
  • Aws\Budgets\BudgetsClient
  • Aws\Chime\ChimeClient
  • Aws\ChimeSDKIdentity\ChimeSDKIdentityClient
  • Aws\ChimeSDKMediaPipelines\ChimeSDKMediaPipelinesClient
  • Aws\ChimeSDKMeetings\ChimeSDKMeetingsClient
  • Aws\ChimeSDKMessaging\ChimeSDKMessagingClient
  • Aws\ClientResolver
  • Aws\ClientSideMonitoring\Configuration
  • Aws\ClientSideMonitoring\ConfigurationProvider
  • Aws\Cloud9\Cloud9Client
  • Aws\CloudControlApi\CloudControlApiClient
  • Aws\CloudDirectory\CloudDirectoryClient
  • Aws\CloudFormation\CloudFormationClient
  • Aws\CloudFront\CloudFrontClient
  • Aws\CloudFront\CookieSigner
  • Aws\CloudFront\UrlSigner
  • Aws\CloudHsm\CloudHsmClient
  • Aws\CloudHSMV2\CloudHSMV2Client
  • Aws\CloudSearch\CloudSearchClient
  • Aws\CloudSearchDomain\CloudSearchDomainClient
  • Aws\CloudTrail\CloudTrailClient
  • Aws\CloudTrail\LogFileIterator
  • Aws\CloudTrail\LogFileReader
  • Aws\CloudTrail\LogRecordIterator
  • Aws\CloudWatch\CloudWatchClient
  • Aws\CloudWatchEvents\CloudWatchEventsClient
  • Aws\CloudWatchEvidently\CloudWatchEvidentlyClient
  • Aws\CloudWatchLogs\CloudWatchLogsClient
  • Aws\CloudWatchRUM\CloudWatchRUMClient
  • Aws\CodeArtifact\CodeArtifactClient
  • Aws\CodeBuild\CodeBuildClient
  • Aws\CodeCommit\CodeCommitClient
  • Aws\CodeDeploy\CodeDeployClient
  • Aws\CodeGuruProfiler\CodeGuruProfilerClient
  • Aws\CodeGuruReviewer\CodeGuruReviewerClient
  • Aws\CodePipeline\CodePipelineClient
  • Aws\CodeStar\CodeStarClient
  • Aws\CodeStarconnections\CodeStarconnectionsClient
  • Aws\CodeStarNotifications\CodeStarNotificationsClient
  • Aws\CognitoIdentity\CognitoIdentityClient
  • Aws\CognitoIdentity\CognitoIdentityProvider
  • Aws\CognitoIdentityProvider\CognitoIdentityProviderClient
  • Aws\CognitoSync\CognitoSyncClient
  • Aws\Command
  • Aws\CommandPool
  • Aws\Comprehend\ComprehendClient
  • Aws\ComprehendMedical\ComprehendMedicalClient
  • Aws\ComputeOptimizer\ComputeOptimizerClient
  • Aws\ConfigService\ConfigServiceClient
  • Aws\Connect\ConnectClient
  • Aws\ConnectContactLens\ConnectContactLensClient
  • Aws\ConnectParticipant\ConnectParticipantClient
  • Aws\ConnectWisdomService\ConnectWisdomServiceClient
  • Aws\CostandUsageReportService\CostandUsageReportServiceClient
  • Aws\CostExplorer\CostExplorerClient
  • Aws\Credentials\AssumeRoleCredentialProvider
  • Aws\Credentials\AssumeRoleWithWebIdentityCredentialProvider
  • Aws\Credentials\CredentialProvider
  • Aws\Credentials\Credentials
  • Aws\Credentials\EcsCredentialProvider
  • Aws\Credentials\InstanceProfileProvider
  • Aws\Crypto\AesDecryptingStream
  • Aws\Crypto\AesEncryptingStream
  • Aws\Crypto\AesGcmDecryptingStream
  • Aws\Crypto\AesGcmEncryptingStream
  • Aws\Crypto\Cipher\Cbc
  • Aws\Crypto\KmsMaterialsProvider
  • Aws\Crypto\KmsMaterialsProviderV2
  • Aws\Crypto\MaterialsProvider
  • Aws\Crypto\MaterialsProviderV2
  • Aws\Crypto\Polyfill\AesGcm
  • Aws\Crypto\Polyfill\ByteArray
  • Aws\Crypto\Polyfill\Gmac
  • Aws\Crypto\Polyfill\Key
  • Aws\CustomerProfiles\CustomerProfilesClient
  • Aws\DatabaseMigrationService\DatabaseMigrationServiceClient
  • Aws\DataExchange\DataExchangeClient
  • Aws\DataPipeline\DataPipelineClient
  • Aws\DataSync\DataSyncClient
  • Aws\DAX\DAXClient
  • Aws\DefaultsMode\Configuration
  • Aws\DefaultsMode\ConfigurationProvider
  • Aws\Detective\DetectiveClient
  • Aws\DeviceFarm\DeviceFarmClient
  • Aws\DevOpsGuru\DevOpsGuruClient
  • Aws\DirectConnect\DirectConnectClient
  • Aws\DirectoryService\DirectoryServiceClient
  • Aws\DLM\DLMClient
  • Aws\DocDB\DocDBClient
  • Aws\DoctrineCacheAdapter
  • Aws\drs\drsClient
  • Aws\DynamoDb\BinaryValue
  • Aws\DynamoDb\DynamoDbClient
  • Aws\DynamoDb\LockingSessionConnection
  • Aws\DynamoDb\Marshaler
  • Aws\DynamoDb\NumberValue
  • Aws\DynamoDb\SessionHandler
  • Aws\DynamoDb\SetValue
  • Aws\DynamoDb\StandardSessionConnection
  • Aws\DynamoDb\WriteRequestBatch
  • Aws\DynamoDbStreams\DynamoDbStreamsClient
  • Aws\EBS\EBSClient
  • Aws\Ec2\Ec2Client
  • Aws\EC2InstanceConnect\EC2InstanceConnectClient
  • Aws\Ecr\EcrClient
  • Aws\ECRPublic\ECRPublicClient
  • Aws\Ecs\EcsClient
  • Aws\Efs\EfsClient
  • Aws\EKS\EKSClient
  • Aws\ElastiCache\ElastiCacheClient
  • Aws\ElasticBeanstalk\ElasticBeanstalkClient
  • Aws\ElasticInference\ElasticInferenceClient
  • Aws\ElasticLoadBalancing\ElasticLoadBalancingClient
  • Aws\ElasticLoadBalancingV2\ElasticLoadBalancingV2Client
  • Aws\ElasticsearchService\ElasticsearchServiceClient
  • Aws\ElasticTranscoder\ElasticTranscoderClient
  • Aws\Emr\EmrClient
  • Aws\EMRContainers\EMRContainersClient
  • Aws\Endpoint\EndpointProvider
  • Aws\Endpoint\Partition
  • Aws\Endpoint\PartitionEndpointProvider
  • Aws\Endpoint\PatternEndpointProvider
  • Aws\Endpoint\UseDualstackEndpoint\Configuration
  • Aws\Endpoint\UseDualstackEndpoint\ConfigurationProvider
  • Aws\Endpoint\UseFipsEndpoint\Configuration
  • Aws\Endpoint\UseFipsEndpoint\ConfigurationProvider
  • Aws\EndpointDiscovery\Configuration
  • Aws\EndpointDiscovery\ConfigurationProvider
  • Aws\EndpointDiscovery\EndpointDiscoveryMiddleware
  • Aws\EndpointDiscovery\EndpointList
  • Aws\EventBridge\EventBridgeClient
  • Aws\finspace\finspaceClient
  • Aws\FinSpaceData\FinSpaceDataClient
  • Aws\Firehose\FirehoseClient
  • Aws\FIS\FISClient
  • Aws\FMS\FMSClient
  • Aws\ForecastQueryService\ForecastQueryServiceClient
  • Aws\ForecastService\ForecastServiceClient
  • Aws\FraudDetector\FraudDetectorClient
  • Aws\FSx\FSxClient
  • Aws\GameLift\GameLiftClient
  • Aws\GameSparks\GameSparksClient
  • Aws\Glacier\GlacierClient
  • Aws\Glacier\MultipartUploader
  • Aws\Glacier\TreeHash
  • Aws\GlobalAccelerator\GlobalAcceleratorClient
  • Aws\Glue\GlueClient
  • Aws\GlueDataBrew\GlueDataBrewClient
  • Aws\Greengrass\GreengrassClient
  • Aws\GreengrassV2\GreengrassV2Client
  • Aws\GroundStation\GroundStationClient
  • Aws\GuardDuty\GuardDutyClient
  • Aws\Handler\GuzzleV5\GuzzleHandler
  • Aws\Handler\GuzzleV5\GuzzleStream
  • Aws\Handler\GuzzleV5\PsrStream
  • Aws\Handler\GuzzleV6\GuzzleHandler
  • Aws\HandlerList
  • Aws\HashingStream
  • Aws\Health\HealthClient
  • Aws\HealthLake\HealthLakeClient
  • Aws\History
  • Aws\Honeycode\HoneycodeClient
  • Aws\Iam\IamClient
  • Aws\IdempotencyTokenMiddleware
  • Aws\IdentityStore\IdentityStoreClient
  • Aws\imagebuilder\imagebuilderClient
  • Aws\ImportExport\ImportExportClient
  • Aws\Inspector2\Inspector2Client
  • Aws\Inspector\InspectorClient
  • Aws\IoT1ClickDevicesService\IoT1ClickDevicesServiceClient
  • Aws\IoT1ClickProjects\IoT1ClickProjectsClient
  • Aws\Iot\IotClient
  • Aws\IoTAnalytics\IoTAnalyticsClient
  • Aws\IotDataPlane\IotDataPlaneClient
  • Aws\IoTDeviceAdvisor\IoTDeviceAdvisorClient
  • Aws\IoTEvents\IoTEventsClient
  • Aws\IoTEventsData\IoTEventsDataClient
  • Aws\IoTFleetHub\IoTFleetHubClient
  • Aws\IoTJobsDataPlane\IoTJobsDataPlaneClient
  • Aws\IoTSecureTunneling\IoTSecureTunnelingClient
  • Aws\IoTSiteWise\IoTSiteWiseClient
  • Aws\IoTThingsGraph\IoTThingsGraphClient
  • Aws\IoTTwinMaker\IoTTwinMakerClient
  • Aws\IoTWireless\IoTWirelessClient
  • Aws\IVS\IVSClient
  • Aws\ivschat\ivschatClient
  • Aws\JsonCompiler
  • Aws\Kafka\KafkaClient
  • Aws\KafkaConnect\KafkaConnectClient
  • Aws\kendra\kendraClient
  • Aws\Keyspaces\KeyspacesClient
  • Aws\Kinesis\KinesisClient
  • Aws\KinesisAnalytics\KinesisAnalyticsClient
  • Aws\KinesisAnalyticsV2\KinesisAnalyticsV2Client
  • Aws\KinesisVideo\KinesisVideoClient
  • Aws\KinesisVideoArchivedMedia\KinesisVideoArchivedMediaClient
  • Aws\KinesisVideoMedia\KinesisVideoMediaClient
  • Aws\KinesisVideoSignalingChannels\KinesisVideoSignalingChannelsClient
  • Aws\Kms\KmsClient
  • Aws\LakeFormation\LakeFormationClient
  • Aws\Lambda\LambdaClient
  • Aws\LexModelBuildingService\LexModelBuildingServiceClient
  • Aws\LexModelsV2\LexModelsV2Client
  • Aws\LexRuntimeService\LexRuntimeServiceClient
  • Aws\LexRuntimeV2\LexRuntimeV2Client
  • Aws\LicenseManager\LicenseManagerClient
  • Aws\Lightsail\LightsailClient
  • Aws\LocationService\LocationServiceClient
  • Aws\LookoutEquipment\LookoutEquipmentClient
  • Aws\LookoutforVision\LookoutforVisionClient
  • Aws\LookoutMetrics\LookoutMetricsClient
  • Aws\LruArrayCache
  • Aws\MachineLearning\MachineLearningClient
  • Aws\Macie2\Macie2Client
  • Aws\Macie\MacieClient
  • Aws\ManagedBlockchain\ManagedBlockchainClient
  • Aws\ManagedGrafana\ManagedGrafanaClient
  • Aws\MarketplaceCatalog\MarketplaceCatalogClient
  • Aws\MarketplaceCommerceAnalytics\MarketplaceCommerceAnalyticsClient
  • Aws\MarketplaceEntitlementService\MarketplaceEntitlementServiceClient
  • Aws\MarketplaceMetering\MarketplaceMeteringClient
  • Aws\MediaConnect\MediaConnectClient
  • Aws\MediaConvert\MediaConvertClient
  • Aws\MediaLive\MediaLiveClient
  • Aws\MediaPackage\MediaPackageClient
  • Aws\MediaPackageVod\MediaPackageVodClient
  • Aws\MediaStore\MediaStoreClient
  • Aws\MediaStoreData\MediaStoreDataClient
  • Aws\MediaTailor\MediaTailorClient
  • Aws\MemoryDB\MemoryDBClient
  • Aws\mgn\mgnClient
  • Aws\Middleware
  • Aws\MigrationHub\MigrationHubClient
  • Aws\MigrationHubConfig\MigrationHubConfigClient
  • Aws\MigrationHubRefactorSpaces\MigrationHubRefactorSpacesClient
  • Aws\MigrationHubStrategyRecommendations\MigrationHubStrategyRecommendationsClient
  • Aws\Mobile\MobileClient
  • Aws\MockHandler
  • Aws\MQ\MQClient
  • Aws\MTurk\MTurkClient
  • Aws\Multipart\UploadState
  • Aws\MultiRegionClient
  • Aws\MWAA\MWAAClient
  • Aws\Neptune\NeptuneClient
  • Aws\NetworkFirewall\NetworkFirewallClient
  • Aws\NetworkManager\NetworkManagerClient
  • Aws\NimbleStudio\NimbleStudioClient
  • Aws\OpenSearchService\OpenSearchServiceClient
  • Aws\OpsWorks\OpsWorksClient
  • Aws\OpsWorksCM\OpsWorksCMClient
  • Aws\Organizations\OrganizationsClient
  • Aws\Outposts\OutpostsClient
  • Aws\Panorama\PanoramaClient
  • Aws\Personalize\PersonalizeClient
  • Aws\PersonalizeEvents\PersonalizeEventsClient
  • Aws\PersonalizeRuntime\PersonalizeRuntimeClient
  • Aws\PhpHash
  • Aws\PI\PIClient
  • Aws\Pinpoint\PinpointClient
  • Aws\PinpointEmail\PinpointEmailClient
  • Aws\PinpointSMSVoice\PinpointSMSVoiceClient
  • Aws\PinpointSMSVoiceV2\PinpointSMSVoiceV2Client
  • Aws\Polly\PollyClient
  • Aws\PresignUrlMiddleware
  • Aws\Pricing\PricingClient
  • Aws\PrometheusService\PrometheusServiceClient
  • Aws\Proton\ProtonClient
  • Aws\Psr16CacheAdapter
  • Aws\PsrCacheAdapter
  • Aws\QLDB\QLDBClient
  • Aws\QLDBSession\QLDBSessionClient
  • Aws\QuickSight\QuickSightClient
  • Aws\RAM\RAMClient
  • Aws\Rds\AuthTokenGenerator
  • Aws\Rds\RdsClient
  • Aws\RDSDataService\RDSDataServiceClient
  • Aws\RecycleBin\RecycleBinClient
  • Aws\Redshift\RedshiftClient
  • Aws\RedshiftDataAPIService\RedshiftDataAPIServiceClient
  • Aws\Rekognition\RekognitionClient
  • Aws\ResilienceHub\ResilienceHubClient
  • Aws\ResourceGroups\ResourceGroupsClient
  • Aws\ResourceGroupsTaggingAPI\ResourceGroupsTaggingAPIClient
  • Aws\Result
  • Aws\ResultPaginator
  • Aws\Retry\Configuration
  • Aws\Retry\ConfigurationProvider
  • Aws\RoboMaker\RoboMakerClient
  • Aws\Route53\Route53Client
  • Aws\Route53Domains\Route53DomainsClient
  • Aws\Route53RecoveryCluster\Route53RecoveryClusterClient
  • Aws\Route53RecoveryControlConfig\Route53RecoveryControlConfigClient
  • Aws\Route53RecoveryReadiness\Route53RecoveryReadinessClient
  • Aws\Route53Resolver\Route53ResolverClient
  • Aws\S3\BatchDelete
  • Aws\S3\Crypto\HeadersMetadataStrategy
  • Aws\S3\Crypto\InstructionFileMetadataStrategy
  • Aws\S3\Crypto\S3EncryptionClient
  • Aws\S3\Crypto\S3EncryptionClientV2
  • Aws\S3\Crypto\S3EncryptionMultipartUploader
  • Aws\S3\Crypto\S3EncryptionMultipartUploaderV2
  • Aws\S3\GetBucketLocationParser
  • Aws\S3\MultipartUploader
  • Aws\S3\ObjectCopier
  • Aws\S3\ObjectUploader
  • Aws\S3\PostObject
  • Aws\S3\PostObjectV4
  • Aws\S3\RegionalEndpoint\Configuration
  • Aws\S3\RegionalEndpoint\ConfigurationProvider
  • Aws\S3\S3Client
  • Aws\S3\S3MultiRegionClient
  • Aws\S3\S3UriParser
  • Aws\S3\StreamWrapper
  • Aws\S3\Transfer
  • Aws\S3\UseArnRegion\Configuration
  • Aws\S3\UseArnRegion\ConfigurationProvider
  • Aws\S3\ValidateResponseChecksumParser
  • Aws\S3Control\S3ControlClient
  • Aws\S3Outposts\S3OutpostsClient
  • Aws\SageMaker\SageMakerClient
  • Aws\SagemakerEdgeManager\SagemakerEdgeManagerClient
  • Aws\SageMakerFeatureStoreRuntime\SageMakerFeatureStoreRuntimeClient
  • Aws\SageMakerRuntime\SageMakerRuntimeClient
  • Aws\SavingsPlans\SavingsPlansClient
  • Aws\Schemas\SchemasClient
  • Aws\Sdk
  • Aws\SecretsManager\SecretsManagerClient
  • Aws\SecurityHub\SecurityHubClient
  • Aws\ServerlessApplicationRepository\ServerlessApplicationRepositoryClient
  • Aws\ServiceCatalog\ServiceCatalogClient
  • Aws\ServiceDiscovery\ServiceDiscoveryClient
  • Aws\ServiceQuotas\ServiceQuotasClient
  • Aws\Ses\SesClient
  • Aws\SesV2\SesV2Client
  • Aws\Sfn\SfnClient
  • Aws\Shield\ShieldClient
  • Aws\Signature\AnonymousSignature
  • Aws\Signature\S3SignatureV4
  • Aws\Signature\SignatureProvider
  • Aws\Signature\SignatureV4
  • Aws\signer\signerClient
  • Aws\Sms\SmsClient
  • Aws\SnowBall\SnowBallClient
  • Aws\SnowDeviceManagement\SnowDeviceManagementClient
  • Aws\Sns\Message
  • Aws\Sns\MessageValidator
  • Aws\Sns\SnsClient
  • Aws\Sqs\SqsClient
  • Aws\Ssm\SsmClient
  • Aws\SSMContacts\SSMContactsClient
  • Aws\SSMIncidents\SSMIncidentsClient
  • Aws\SSO\SSOClient
  • Aws\SSOAdmin\SSOAdminClient
  • Aws\SSOOIDC\SSOOIDCClient
  • Aws\StorageGateway\StorageGatewayClient
  • Aws\Sts\RegionalEndpoints\Configuration
  • Aws\Sts\RegionalEndpoints\ConfigurationProvider
  • Aws\Sts\StsClient
  • Aws\Support\SupportClient
  • Aws\Swf\SwfClient
  • Aws\Synthetics\SyntheticsClient
  • Aws\Textract\TextractClient
  • Aws\TimestreamQuery\TimestreamQueryClient
  • Aws\TimestreamWrite\TimestreamWriteClient
  • Aws\TraceMiddleware
  • Aws\TranscribeService\TranscribeServiceClient
  • Aws\Transfer\TransferClient
  • Aws\Translate\TranslateClient
  • Aws\VoiceID\VoiceIDClient
  • Aws\Waf\WafClient
  • Aws\WafRegional\WafRegionalClient
  • Aws\WAFV2\WAFV2Client
  • Aws\Waiter
  • Aws\WellArchitected\WellArchitectedClient
  • Aws\WorkDocs\WorkDocsClient
  • Aws\WorkLink\WorkLinkClient
  • Aws\WorkMail\WorkMailClient
  • Aws\WorkMailMessageFlow\WorkMailMessageFlowClient
  • Aws\WorkSpaces\WorkSpacesClient
  • Aws\WorkSpacesWeb\WorkSpacesWebClient
  • Aws\WrappedHttpHandler
  • Aws\XRay\XRayClient

Interfaces

  • Aws\AwsClientInterface
  • Aws\CacheInterface
  • Aws\ClientSideMonitoring\ConfigurationInterface
  • Aws\CommandInterface
  • Aws\ConfigurationProviderInterface
  • Aws\Credentials\CredentialsInterface
  • Aws\Crypto\AesStreamInterface
  • Aws\Crypto\AesStreamInterfaceV2
  • Aws\Crypto\Cipher\CipherMethod
  • Aws\Crypto\MaterialsProviderInterface
  • Aws\Crypto\MaterialsProviderInterfaceV2
  • Aws\Crypto\MetadataStrategyInterface
  • Aws\DefaultsMode\ConfigurationInterface
  • Aws\DynamoDb\SessionConnectionInterface
  • Aws\Endpoint\PartitionInterface
  • Aws\Endpoint\UseDualstackEndpoint\ConfigurationInterface
  • Aws\Endpoint\UseFipsEndpoint\ConfigurationInterface
  • Aws\EndpointDiscovery\ConfigurationInterface
  • Aws\HashInterface
  • Aws\MonitoringEventsInterface
  • Aws\ResponseContainerInterface
  • Aws\ResultInterface
  • Aws\Retry\ConfigurationInterface
  • Aws\S3\RegionalEndpoint\ConfigurationInterface
  • Aws\S3\S3ClientInterface
  • Aws\S3\UseArnRegion\ConfigurationInterface
  • Aws\Signature\SignatureInterface
  • Aws\Sts\RegionalEndpoints\ConfigurationInterface

Traits

  • Aws\Api\ErrorParser\JsonParserTrait
  • Aws\Api\Parser\MetadataParserTrait

Amazon GuardDuty 2017-11-28

Client: Aws\GuardDuty\GuardDutyClient
Service ID: guardduty
Version: 2017-11-28

This page describes the parameters and results for the operations of Amazon GuardDuty (2017-11-28), and shows how to use the Aws\GuardDuty\GuardDutyClient object to call the described operations. This documentation is specific to the 2017-11-28 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

  • AcceptInvitation ( array $params = [] )

    Accepts the invitation to be monitored by a GuardDuty administrator account.

  • ArchiveFindings ( array $params = [] )

    Archives GuardDuty findings that are specified by the list of finding IDs.

  • CreateDetector ( array $params = [] )

    Creates a single Amazon GuardDuty detector.

  • CreateFilter ( array $params = [] )

    Creates a filter using the specified finding criteria.

  • CreateIPSet ( array $params = [] )

    Creates a new IPSet, which is called a trusted IP list in the console user interface.

  • CreateMembers ( array $params = [] )

    Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs.

  • CreatePublishingDestination ( array $params = [] )

    Creates a publishing destination to export findings to.

  • CreateSampleFindings ( array $params = [] )

    Generates example findings of types specified by the list of finding types.

  • CreateThreatIntelSet ( array $params = [] )

    Creates a new ThreatIntelSet.

  • DeclineInvitations ( array $params = [] )

    Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

  • DeleteDetector ( array $params = [] )

    Deletes an Amazon GuardDuty detector that is specified by the detector ID.

  • DeleteFilter ( array $params = [] )

    Deletes the filter specified by the filter name.

  • DeleteIPSet ( array $params = [] )

    Deletes the IPSet specified by the ipSetId.

  • DeleteInvitations ( array $params = [] )

    Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

  • DeleteMembers ( array $params = [] )

    Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.

  • DeletePublishingDestination ( array $params = [] )

    Deletes the publishing definition with the specified destinationId.

  • DeleteThreatIntelSet ( array $params = [] )

    Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

  • DescribeOrganizationConfiguration ( array $params = [] )

    Returns information about the account selected as the delegated administrator for GuardDuty.

  • DescribePublishingDestination ( array $params = [] )

    Returns information about the publishing destination specified by the provided destinationId.

  • DisableOrganizationAdminAccount ( array $params = [] )

    Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator.

  • DisassociateFromMasterAccount ( array $params = [] )

    Disassociates the current GuardDuty member account from its administrator account.

  • DisassociateMembers ( array $params = [] )

    Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.

  • EnableOrganizationAdminAccount ( array $params = [] )

    Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator.

  • GetDetector ( array $params = [] )

    Retrieves an Amazon GuardDuty detector specified by the detectorId.

  • GetFilter ( array $params = [] )

    Returns the details of the filter specified by the filter name.

  • GetFindings ( array $params = [] )

    Describes Amazon GuardDuty findings specified by finding IDs.

  • GetFindingsStatistics ( array $params = [] )

    Lists Amazon GuardDuty findings statistics for the specified detector ID.

  • GetIPSet ( array $params = [] )

    Retrieves the IPSet specified by the ipSetId.

  • GetInvitationsCount ( array $params = [] )

    Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

  • GetMasterAccount ( array $params = [] )

    Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

  • GetMemberDetectors ( array $params = [] )

    Describes which data sources are enabled for the member account's detector.

  • GetMembers ( array $params = [] )

    Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.

  • GetThreatIntelSet ( array $params = [] )

    Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

  • GetUsageStatistics ( array $params = [] )

    Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID.

  • InviteMembers ( array $params = [] )

    Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.

  • ListDetectors ( array $params = [] )

    Lists detectorIds of all the existing Amazon GuardDuty detector resources.

  • ListFilters ( array $params = [] )

    Returns a paginated list of the current filters.

  • ListFindings ( array $params = [] )

    Lists Amazon GuardDuty findings for the specified detector ID.

  • ListIPSets ( array $params = [] )

    Lists the IPSets of the GuardDuty service specified by the detector ID.

  • ListInvitations ( array $params = [] )

    Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.

  • ListMembers ( array $params = [] )

    Lists details about all member accounts for the current GuardDuty administrator account.

  • ListOrganizationAdminAccounts ( array $params = [] )

    Lists the accounts configured as GuardDuty delegated administrators.

  • ListPublishingDestinations ( array $params = [] )

    Returns a list of publishing destinations associated with the specified detectorId.

  • ListTagsForResource ( array $params = [] )

    Lists tags for a resource.

  • ListThreatIntelSets ( array $params = [] )

    Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.

  • StartMonitoringMembers ( array $params = [] )

    Turns on GuardDuty monitoring of the specified member accounts.

  • StopMonitoringMembers ( array $params = [] )

    Stops GuardDuty monitoring for the specified member accounts.

  • TagResource ( array $params = [] )

    Adds tags to a resource.

  • UnarchiveFindings ( array $params = [] )

    Unarchives GuardDuty findings specified by the findingIds.

  • UntagResource ( array $params = [] )

    Removes tags from a resource.

  • UpdateDetector ( array $params = [] )

    Updates the Amazon GuardDuty detector specified by the detectorId.

  • UpdateFilter ( array $params = [] )

    Updates the filter specified by the filter name.

  • UpdateFindingsFeedback ( array $params = [] )

    Marks the specified GuardDuty findings as useful or not useful.

  • UpdateIPSet ( array $params = [] )

    Updates the IPSet specified by the IPSet ID.

  • UpdateMemberDetectors ( array $params = [] )

    Contains information on member accounts to be updated.

  • UpdateOrganizationConfiguration ( array $params = [] )

    Updates the delegated administrator account with the values provided.

  • UpdatePublishingDestination ( array $params = [] )

    Updates information about the publishing destination specified by the destinationId.

  • UpdateThreatIntelSet ( array $params = [] )

    Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

  • GetUsageStatistics
  • ListDetectors
  • ListFilters
  • ListFindings
  • ListIPSets
  • ListInvitations
  • ListMembers
  • ListOrganizationAdminAccounts
  • ListPublishingDestinations
  • ListThreatIntelSets
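
As an added example (not part of the SDK reference), the script below uses the ListFindings paginator to collect every finding ID for a detector and then resolves the IDs with GetFindings in batches. The function name, detector ID, finding values and credentials are constructed, the default batch size of 50 is an assumption about the GetFindings limit, and Aws\MockHandler stands in for the service so the script runs offline.

```php
<?php
// Added example: paginate ListFindings, then fetch finding details in batches.
require 'vendor/autoload.php';

use Aws\GuardDuty\GuardDutyClient;
use Aws\MockHandler;
use Aws\Result;

/**
 * Return Id, Type and Severity for every finding of a detector.
 * collectFindings() is a hypothetical helper, not an SDK function.
 */
function collectFindings(GuardDutyClient $client, $detectorId, $batchSize = 50)
{
    // The paginator re-sends ListFindings with NextToken until no token is returned.
    $paginator = $client->getPaginator('ListFindings', [
        'DetectorId' => $detectorId,
    ]);

    // search() applies a JMESPath expression to each page and flattens the result.
    $ids = [];
    foreach ($paginator->search('FindingIds[]') as $id) {
        $ids[] = $id;
    }

    // GetFindings takes a bounded list of IDs per call, so look them up in chunks.
    $findings = [];
    foreach (array_chunk($ids, $batchSize) as $chunk) {
        $result = $client->getFindings([
            'DetectorId' => $detectorId,
            'FindingIds' => $chunk,
        ]);
        foreach ($result['Findings'] as $finding) {
            $findings[] = [
                'Id'       => $finding['Id'],
                'Type'     => $finding['Type'],
                'Severity' => $finding['Severity'],
            ];
        }
    }

    // Highest severity first, so triage starts with the most urgent findings.
    usort($findings, function ($a, $b) {
        return $b['Severity'] <=> $a['Severity'];
    });

    return $findings;
}

// Offline demo with constructed responses: two ListFindings pages, then two
// GetFindings batches (the demo uses a batch size of 2 to force a second call).
$mock = new MockHandler([
    new Result(['FindingIds' => ['constructed-finding-1', 'constructed-finding-2'], 'NextToken' => 'page-2']),
    new Result(['FindingIds' => ['constructed-finding-3'], 'NextToken' => '']),
    new Result(['Findings' => [
        ['Id' => 'constructed-finding-1', 'Type' => 'Recon:EC2/PortProbeUnprotectedPort', 'Severity' => 2.0],
        ['Id' => 'constructed-finding-2', 'Type' => 'UnauthorizedAccess:EC2/SSHBruteForce', 'Severity' => 5.0],
    ]]),
    new Result(['Findings' => [
        ['Id' => 'constructed-finding-3', 'Type' => 'Recon:EC2/PortProbeUnprotectedPort', 'Severity' => 8.0],
    ]]),
]);

$client = new GuardDutyClient([
    'region'      => 'us-east-1',
    'version'     => '2017-11-28',
    'credentials' => ['key' => 'constructed-key', 'secret' => 'constructed-secret'],
    'handler'     => $mock, // replaces the HTTP transport; no request leaves the host
]);

foreach (collectFindings($client, 'constructed-detector-id', 2) as $finding) {
    printf("%4.1f  %-40s %s\n", $finding['Severity'], $finding['Type'], $finding['Id']);
}
```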

Operations

AcceptInvitation

$result = $client->acceptInvitation([/* ... */]);
$promise = $client->acceptInvitationAsync([/* ... */]);

Accepts the invitation to be monitored by a GuardDuty administrator account.

Parameter Syntax

$result = $client->acceptInvitation([
    'DetectorId' => '<string>', // REQUIRED
    'InvitationId' => '<string>', // REQUIRED
    'MasterId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty member account.

InvitationId
  • Required: Yes
  • Type: string

The value that is used to validate the administrator account to the member account.

MasterId
  • Required: Yes
  • Type: string

The account ID of the GuardDuty administrator account whose invitation you're accepting.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ArchiveFindings

$result = $client->archiveFindings([/* ... */]);
$promise = $client->archiveFindingsAsync([/* ... */]);

Archives GuardDuty findings that are specified by the list of finding IDs.

Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.

Parameter Syntax

$result = $client->archiveFindings([
    'DetectorId' => '<string>', // REQUIRED
    'FindingIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector that specifies the GuardDuty service whose findings you want to archive.

FindingIds
  • Required: Yes
  • Type: Array of strings

The IDs of the findings that you want to archive.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

CreateDetector

$result = $client->createDetector([/* ... */]);
$promise = $client->createDetectorAsync([/* ... */]);

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.

Parameter Syntax

$result = $client->createDetector([
    'ClientToken' => '<string>',
    'DataSources' => [
        'Kubernetes' => [
            'AuditLogs' => [ // REQUIRED
                'Enable' => true || false, // REQUIRED
            ],
        ],
        'S3Logs' => [
            'Enable' => true || false, // REQUIRED
        ],
    ],
    'Enable' => true || false, // REQUIRED
    'FindingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
    'Tags' => ['<string>', ...],
]);

Parameter Details

Members
ClientToken
  • Type: string

The idempotency token for the create request.

DataSources
  • Type: DataSourceConfigurations structure

Describes which data sources will be enabled for the detector.

Enable
  • Required: Yes
  • Type: boolean

A Boolean value that specifies whether the detector is to be enabled.

FindingPublishingFrequency
  • Type: string

A value that specifies how frequently updated findings are exported.

Tags
  • Type: Associative array of custom strings keys (TagKey) to strings

The tags to be added to a new detector resource.

Result Syntax

[
    'DetectorId' => '<string>',
]

Result Details

Members
DetectorId
  • Type: string

The unique ID of the created detector.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.
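
Because a detector exists per account per Region, a coverage check has to ask every Region separately. The added example below (not part of the SDK reference) does that concurrently with the Async call style from the Operation Summary, using ListDetectors and GetDetector. The helper names, Region selection, detector IDs and mocked responses are constructed, and Aws\MockHandler replaces the network so the script runs offline.

```php
<?php
// Added example: report GuardDuty detector status for each Region.
require 'vendor/autoload.php';

use Aws\CommandInterface;
use Aws\Exception\AwsException;
use Aws\GuardDuty\Exception\GuardDutyException;
use Aws\GuardDuty\GuardDutyClient;
use Aws\MockHandler;
use Aws\Result;
use GuzzleHttp\Promise\Utils;
use Psr\Http\Message\RequestInterface;

/**
 * Map each Region to ENABLED, DISABLED, NO_DETECTOR or ERROR:<code>.
 * detectorCoverage() is a hypothetical helper, not an SDK function.
 *
 * @param GuardDutyClient[] $clientsByRegion one client per Region, keyed by Region name
 */
function detectorCoverage(array $clientsByRegion)
{
    $promises = [];
    foreach ($clientsByRegion as $region => $client) {
        // listDetectorsAsync() returns a promise; the follow-up GetDetector
        // call is chained so all Regions progress without blocking each other.
        $promises[$region] = $client->listDetectorsAsync()->then(
            function ($result) use ($client) {
                $ids = $result['DetectorIds'] ?: [];
                if (!$ids) {
                    return 'NO_DETECTOR';
                }
                // At most one detector exists per account per Region.
                return $client->getDetectorAsync(['DetectorId' => $ids[0]])->then(
                    function ($detector) {
                        return $detector['Status'];
                    }
                );
            }
        );
    }

    // settle() waits for every promise and records failures instead of throwing,
    // so one failing Region does not hide the state of the others.
    $report = [];
    foreach (Utils::settle($promises)->wait() as $region => $outcome) {
        if ($outcome['state'] === 'fulfilled') {
            $report[$region] = $outcome['value'];
            continue;
        }
        $reason = $outcome['reason'];
        $code = $reason instanceof AwsException ? $reason->getAwsErrorCode() : get_class($reason);
        $report[$region] = 'ERROR:' . $code;
    }

    return $report;
}

// Build a client whose responses come from a constructed queue (demo only).
function mockedClient($region, array $queue)
{
    return new GuardDutyClient([
        'region'      => $region,
        'version'     => '2017-11-28',
        'credentials' => ['key' => 'constructed-key', 'secret' => 'constructed-secret'],
        'retries'     => 0,
        'handler'     => new MockHandler($queue),
    ]);
}

$clients = [
    'us-east-1' => mockedClient('us-east-1', [
        new Result(['DetectorIds' => ['constructed-detector-a']]),
        new Result(['Status' => 'ENABLED']),
    ]),
    'eu-west-1' => mockedClient('eu-west-1', [
        new Result(['DetectorIds' => ['constructed-detector-b']]),
        new Result(['Status' => 'DISABLED']),
    ]),
    'ap-southeast-2' => mockedClient('ap-southeast-2', [
        new Result(['DetectorIds' => []]),
    ]),
    'sa-east-1' => mockedClient('sa-east-1', [
        function (CommandInterface $cmd, RequestInterface $req) {
            return new GuardDutyException('constructed failure', $cmd, ['code' => 'BadRequestException']);
        },
    ]),
];

foreach (detectorCoverage($clients) as $region => $status) {
    printf("%-16s %s\n", $region, $status);
}
```

Any Region reported as NO_DETECTOR or DISABLED is one where GuardDuty is producing no findings for the account.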

CreateFilter

$result = $client->createFilter([/* ... */]);
$promise = $client->createFilterAsync([/* ... */]);

Creates a filter using the specified finding criteria.

Parameter Syntax

$result = $client->createFilter([
    'Action' => 'NOOP|ARCHIVE',
    'ClientToken' => '<string>',
    'Description' => '<string>',
    'DetectorId' => '<string>', // REQUIRED
    'FindingCriteria' => [ // REQUIRED
        'Criterion' => [
            '<String>' => [
                'Eq' => ['<string>', ...],
                'Equals' => ['<string>', ...],
                'GreaterThan' => <integer>,
                'GreaterThanOrEqual' => <integer>,
                'Gt' => <integer>,
                'Gte' => <integer>,
                'LessThan' => <integer>,
                'LessThanOrEqual' => <integer>,
                'Lt' => <integer>,
                'Lte' => <integer>,
                'Neq' => ['<string>', ...],
                'NotEquals' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'Name' => '<string>', // REQUIRED
    'Rank' => <integer>,
    'Tags' => ['<string>', ...],
]);
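
The syntax above filled in for one narrowly scoped filter, as an added example that is not part of the SDK reference. Before creating the filter it passes the same FindingCriteria to ListFindings to count what the filter matches today, and only sets Action to ARCHIVE when that count stays under a threshold. The helper names, the threshold, the instance ID, the filter name and the mocked responses are assumptions or constructed values.

```php
<?php
// Added example: create a filter only after checking what its criteria match.
require 'vendor/autoload.php';

use Aws\GuardDuty\GuardDutyClient;
use Aws\MockHandler;
use Aws\Result;

/**
 * Count the findings that a FindingCriteria structure matches right now.
 * ListFindings accepts the same FindingCriteria structure as CreateFilter.
 */
function countMatches(GuardDutyClient $client, $detectorId, array $criteria)
{
    $pages = $client->getPaginator('ListFindings', [
        'DetectorId'      => $detectorId,
        'FindingCriteria' => $criteria,
    ]);

    return iterator_count($pages->search('FindingIds[]'));
}

/**
 * Create the filter with Action ARCHIVE only when its criteria match at most
 * $maxMatches current findings; otherwise create it as NOOP for review.
 * The threshold is a local policy choice (assumption), not a GuardDuty rule.
 */
function createGuardedFilter(GuardDutyClient $client, $detectorId, $name, array $criteria, $maxMatches = 25)
{
    if (empty($criteria['Criterion'])) {
        throw new InvalidArgumentException('Refusing to create a filter with an empty Criterion map.');
    }

    $matches = countMatches($client, $detectorId, $criteria);
    $action  = $matches <= $maxMatches ? 'ARCHIVE' : 'NOOP';

    $result = $client->createFilter([
        'DetectorId'      => $detectorId,
        'Name'            => $name,
        'Description'     => sprintf('Matched %d findings when created', $matches),
        'Action'          => $action,
        'Rank'            => 1,
        'FindingCriteria' => $criteria,
    ]);

    return ['Name' => $result['Name'], 'Action' => $action, 'Matches' => $matches];
}

// Criteria scoped to one instance and one action type. The keys come from the
// list of attributes that FindingCriteria supports; the values are constructed.
$criteria = [
    'Criterion' => [
        'resource.instanceDetails.instanceId' => ['Equals' => ['i-0123456789abcdef0']],
        'service.action.actionType'           => ['Equals' => ['PORT_PROBE']],
    ],
];

// Offline demo: one ListFindings page with two matches, then the CreateFilter result.
$client = new GuardDutyClient([
    'region'      => 'us-east-1',
    'version'     => '2017-11-28',
    'credentials' => ['key' => 'constructed-key', 'secret' => 'constructed-secret'],
    'handler'     => new MockHandler([
        new Result(['FindingIds' => ['constructed-finding-1', 'constructed-finding-2'], 'NextToken' => '']),
        new Result(['Name' => 'scanner-port-probe-demo']),
    ]),
]);

$summary = createGuardedFilter($client, 'constructed-detector-id', 'scanner-port-probe-demo', $criteria);
printf("%s created with Action=%s (%d current matches)\n", $summary['Name'], $summary['Action'], $summary['Matches']);
```

A filter with Action ARCHIVE archives matching findings automatically, so criteria that are broader than intended remove detections from the active view; the match count is a quick check on that scope.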

Parameter Details

Members
Action
  • Type: string

Specifies the action that is to be applied to the findings that match the filter.

ClientToken
  • Type: string

The idempotency token for the create request.

Description
  • Type: string

The description of the filter.

DetectorId
  • Required: Yes
  • Type: string

The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

FindingCriteria
  • Required: Yes
  • Type: FindingCriteria structure

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

  • accountId

  • region

  • confidence

  • id

  • resource.accessKeyDetails.accessKeyId

  • resource.accessKeyDetails.principalId

  • resource.accessKeyDetails.userName

  • resource.accessKeyDetails.userType

  • resource.instanceDetails.iamInstanceProfile.id

  • resource.instanceDetails.imageId

  • resource.instanceDetails.instanceId

  • resource.instanceDetails.outpostArn

  • resource.instanceDetails.networkInterfaces.ipv6Addresses

  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

  • resource.instanceDetails.networkInterfaces.publicDnsName

  • resource.instanceDetails.networkInterfaces.publicIp

  • resource.instanceDetails.networkInterfaces.securityGroups.groupId

  • resource.instanceDetails.networkInterfaces.securityGroups.groupName

  • resource.instanceDetails.networkInterfaces.subnetId

  • resource.instanceDetails.networkInterfaces.vpcId

  • resource.instanceDetails.tags.key

  • resource.instanceDetails.tags.value

  • resource.resourceType

  • service.action.actionType

  • service.action.awsApiCallAction.api

  • service.action.awsApiCallAction.callerType

  • service.action.awsApiCallAction.errorCode

  • service.action.awsApiCallAction.userAgent

  • service.action.awsApiCallAction.remoteIpDetails.city.cityName

  • service.action.awsApiCallAction.remoteIpDetails.country.countryName

  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

  • service.action.awsApiCallAction.remoteIpDetails.organization.asn

  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

  • service.action.awsApiCallAction.serviceName

  • service.action.dnsRequestAction.domain

  • service.action.networkConnectionAction.blocked

  • service.action.networkConnectionAction.connectionDirection

  • service.action.networkConnectionAction.localPortDetails.port

  • service.action.networkConnectionAction.protocol

  • service.action.networkConnectionAction.localIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.city.cityName

  • service.action.networkConnectionAction.remoteIpDetails.country.countryName

  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.organization.asn

  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

  • service.action.networkConnectionAction.remotePortDetails.port

  • service.additionalInfo.threatListName

  • resource.s3BucketDetails.publicAccess.effectivePermissions

  • resource.s3BucketDetails.name

  • resource.s3BucketDetails.tags.key

  • resource.s3BucketDetails.tags.value

  • resource.s3BucketDetails.type

  • service.archived

    When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole

  • severity

  • type

  • updatedAt

    Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Name
  • Required: Yes
  • Type: string

The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

Rank
  • Type: int

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Tags
  • Type: Associative array of custom strings keys (TagKey) to strings

The tags to be added to a new filter resource.

Result Syntax

[
    'Name' => '<string>',
]

Result Details

Members
Name
  • Required: Yes
  • Type: string

The name of the successfully created filter.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.
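
An added example, not part of the SDK documentation: a request builder that checks the Name rule, the operator shapes from the Parameter Syntax, and the attribute names before anything is sent to CreateFilter. The permitted-attribute subset, the rule that an ARCHIVE filter must pin a finding type, and all sample IDs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Operator shapes as shown in the Parameter Syntax: list-valued vs integer-valued.
const LIST_OPERATORS = ['Eq', 'Equals', 'Neq', 'NotEquals'];
const INT_OPERATORS  = ['GreaterThan', 'GreaterThanOrEqual', 'Gt', 'Gte',
                        'LessThan', 'LessThanOrEqual', 'Lt', 'Lte'];

// Hypothetical team allow-list: a subset of the queryable attributes listed
// in the FindingCriteria details. Extend it only with names from that list.
const PERMITTED_ATTRIBUTES = [
    'accountId', 'region', 'severity', 'type', 'service.archived',
    'resource.instanceDetails.instanceId',
    'resource.instanceDetails.tags.key',
    'resource.instanceDetails.tags.value',
];

function buildCreateFilterRequest(
    string $detectorId,
    string $name,
    string $action,
    array $criterion,
    ?string $description = null
): array {
    // Name: 3-64 characters from [A-Za-z0-9._-]; spaces are not allowed.
    if (preg_match('/\A[A-Za-z0-9._-]{3,64}\z/', $name) !== 1) {
        throw new InvalidArgumentException("invalid filter name: {$name}");
    }
    if (!in_array($action, ['NOOP', 'ARCHIVE'], true)) {
        throw new InvalidArgumentException("invalid action: {$action}");
    }
    if ($criterion === []) {
        throw new InvalidArgumentException('FindingCriteria needs at least one attribute');
    }
    foreach ($criterion as $attribute => $conditions) {
        if (!in_array($attribute, PERMITTED_ATTRIBUTES, true)) {
            throw new InvalidArgumentException("attribute not permitted: {$attribute}");
        }
        if (!is_array($conditions) || $conditions === []) {
            throw new InvalidArgumentException("no conditions for {$attribute}");
        }
        foreach ($conditions as $operator => $value) {
            if (in_array($operator, LIST_OPERATORS, true)) {
                // Must be a non-empty array made up only of strings.
                $ok = is_array($value) && $value !== []
                    && array_filter($value, 'is_string') === $value;
            } elseif (in_array($operator, INT_OPERATORS, true)) {
                $ok = is_int($value);
            } else {
                $ok = false;
            }
            if (!$ok) {
                throw new InvalidArgumentException("bad condition {$attribute}.{$operator}");
            }
        }
    }
    // Local policy (assumption, not an API rule): a filter that archives
    // findings must name the finding types it applies to.
    if ($action === 'ARCHIVE'
        && !isset($criterion['type']['Eq']) && !isset($criterion['type']['Equals'])) {
        throw new InvalidArgumentException('ARCHIVE filters must pin "type" with Eq/Equals');
    }

    $request = [
        'Action'          => $action,
        'ClientToken'     => bin2hex(random_bytes(16)), // idempotency token
        'DetectorId'      => $detectorId,
        'FindingCriteria' => ['Criterion' => $criterion],
        'Name'            => $name,
    ];
    if ($description !== null) {
        $request['Description'] = $description;
    }
    return $request;
}

// Constructed sample values: the detector ID and instance ID are placeholders.
$detectorId = '12abc34d567e8fa901bc2d34e56789f0';

$request = buildCreateFilterRequest(
    $detectorId,
    'archive-vuln-scanner-portscan',
    'ARCHIVE',
    [
        'type' => ['Eq' => ['Recon:EC2/Portscan']],
        'resource.instanceDetails.instanceId' => ['Eq' => ['i-0123456789abcdef0']],
    ],
    'Authorized vulnerability scanner host'
);
echo json_encode($request, JSON_PRETTY_PRINT), PHP_EOL;

// A filter that would archive by severity alone is rejected by the local policy.
try {
    buildCreateFilterRequest($detectorId, 'archive-low', 'ARCHIVE', ['severity' => ['Lt' => 4]]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// With a configured Aws\GuardDuty\GuardDutyClient:
//   $result = $client->createFilter($request);   // $result['Name'] is the created filter
```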

CreateIPSet

$result = $client->createIPSet([/* ... */]);
$promise = $client->createIPSetAsync([/* ... */]);

Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

Parameter Syntax

$result = $client->createIPSet([
    'Activate' => true || false, // REQUIRED
    'ClientToken' => '<string>',
    'DetectorId' => '<string>', // REQUIRED
    'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE', // REQUIRED
    'Location' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'Tags' => ['<string>', ...],
]);

Parameter Details

Members
Activate
  • Required: Yes
  • Type: boolean

A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

ClientToken
  • Type: string

The idempotency token for the create request.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.

Format
  • Required: Yes
  • Type: string

The format of the file that contains the IPSet.

Location
  • Required: Yes
  • Type: string

The URI of the file that contains the IPSet.

Name
  • Required: Yes
  • Type: string

The user-friendly name to identify the IPSet.

Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_).

Tags
  • Type: Associative array of custom strings keys (TagKey) to strings

The tags to be added to a new IP set resource.

Result Syntax

[
    'IpSetId' => '<string>',
]

Result Details

Members
IpSetId
  • Required: Yes
  • Type: string

The ID of the IPSet resource.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

CreateMembers

$result = $client->createMembers([/* ... */]);
$promise = $client->createMembersAsync([/* ... */]);

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.

When you use Create Members as an organization's delegated administrator, this action enables GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member.

If you are adding accounts by invitation, use this action after GuardDuty has been enabled in potential member accounts and before using Invite Members.

Parameter Syntax

$result = $client->createMembers([
    'AccountDetails' => [ // REQUIRED
        [
            'AccountId' => '<string>', // REQUIRED
            'Email' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountDetails
  • Required: Yes
  • Type: Array of AccountDetail structures

A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of objects that include the accountIds of the unprocessed accounts and a result string that explains why each was unprocessed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

CreatePublishingDestination

$result = $client->createPublishingDestination([/* ... */]);
$promise = $client->createPublishingDestinationAsync([/* ... */]);

Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.

Parameter Syntax

$result = $client->createPublishingDestination([
    'ClientToken' => '<string>',
    'DestinationProperties' => [ // REQUIRED
        'DestinationArn' => '<string>',
        'KmsKeyArn' => '<string>',
    ],
    'DestinationType' => 'S3', // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
  • Type: string

The idempotency token for the request.

DestinationProperties
  • Required: Yes
  • Type: DestinationProperties structure

The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.

DestinationType
  • Required: Yes
  • Type: string

The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.

DetectorId
  • Required: Yes
  • Type: string

The ID of the GuardDuty detector associated with the publishing destination.

Result Syntax

[
    'DestinationId' => '<string>',
]

Result Details

Members
DestinationId
  • Required: Yes
  • Type: string

The ID of the publishing destination that is created.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

CreateSampleFindings

$result = $client->createSampleFindings([/* ... */]);
$promise = $client->createSampleFindingsAsync([/* ... */]);

Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.

Parameter Syntax

$result = $client->createSampleFindings([
    'DetectorId' => '<string>', // REQUIRED
    'FindingTypes' => ['<string>', ...],
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector to create sample findings for.

FindingTypes
  • Type: Array of strings

The types of sample findings to generate.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

CreateThreatIntelSet

$result = $client->createThreatIntelSet([/* ... */]);
$promise = $client->createThreatIntelSetAsync([/* ... */]);

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

Parameter Syntax

$result = $client->createThreatIntelSet([
    'Activate' => true || false, // REQUIRED
    'ClientToken' => '<string>',
    'DetectorId' => '<string>', // REQUIRED
    'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE', // REQUIRED
    'Location' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'Tags' => ['<string>', ...],
]);

Parameter Details

Members
Activate
  • Required: Yes
  • Type: boolean

A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

ClientToken
  • Type: string

The idempotency token for the create request.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.

Format
  • Required: Yes
  • Type: string

The format of the file that contains the ThreatIntelSet.

Location
  • Required: Yes
  • Type: string

The URI of the file that contains the ThreatIntelSet.

Name
  • Required: Yes
  • Type: string

A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

Tags
  • Type: Associative array of custom strings keys (TagKey) to strings

The tags to be added to a new threat list resource.

Result Syntax

[
    'ThreatIntelSetId' => '<string>',
]

Result Details

Members
ThreatIntelSetId
  • Required: Yes
  • Type: string

The ID of the ThreatIntelSet resource.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DeclineInvitations

$result = $client->declineInvitations([/* ... */]);
$promise = $client->declineInvitationsAsync([/* ... */]);

Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Parameter Syntax

$result = $client->declineInvitations([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of account IDs of the Amazon Web Services accounts that sent the invitations to the current member account that you want to decline.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DeleteDetector

$result = $client->deleteDetector([/* ... */]);
$promise = $client->deleteDetectorAsync([/* ... */]);

Deletes an Amazon GuardDuty detector that is specified by the detector ID.

Parameter Syntax

$result = $client->deleteDetector([
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DeleteFilter

$result = $client->deleteFilter([/* ... */]);
$promise = $client->deleteFilterAsync([/* ... */]);

Deletes the filter specified by the filter name.

Parameter Syntax

$result = $client->deleteFilter([
    'DetectorId' => '<string>', // REQUIRED
    'FilterName' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that the filter is associated with.

FilterName
  • Required: Yes
  • Type: string

The name of the filter that you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DeleteIPSet

$result = $client->deleteIPSet([/* ... */]);
$promise = $client->deleteIPSetAsync([/* ... */]);

Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.

Parameter Syntax

$result = $client->deleteIPSet([
    'DetectorId' => '<string>', // REQUIRED
    'IpSetId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector associated with the IPSet.

IpSetId
  • Required: Yes
  • Type: string

The unique ID of the IPSet to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DeleteInvitations

$result = $client->deleteInvitations([/* ... */]);
$promise = $client->deleteInvitationsAsync([/* ... */]);

Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Parameter Syntax

$result = $client->deleteInvitations([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of account IDs of the Amazon Web Services accounts that sent the invitations to the current member account that you want to delete.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DeleteMembers

$result = $client->deleteMembers([/* ... */]);
$promise = $client->deleteMembersAsync([/* ... */]);

Deletes the GuardDuty member accounts of the current GuardDuty administrator account that are specified by the account IDs.

Parameter Syntax

$result = $client->deleteMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of account IDs of the GuardDuty member accounts that you want to delete.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty account whose members you want to delete.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

The accounts that could not be processed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DeletePublishingDestination

$result = $client->deletePublishingDestination([/* ... */]);
$promise = $client->deletePublishingDestinationAsync([/* ... */]);

Deletes the publishing definition with the specified destinationId.

Parameter Syntax

$result = $client->deletePublishingDestination([
    'DestinationId' => '<string>', // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DestinationId
  • Required: Yes
  • Type: string

The ID of the publishing destination to delete.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector associated with the publishing destination to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DeleteThreatIntelSet

$result = $client->deleteThreatIntelSet([/* ... */]);
$promise = $client->deleteThreatIntelSetAsync([/* ... */]);

Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

Parameter Syntax

$result = $client->deleteThreatIntelSet([
    'DetectorId' => '<string>', // REQUIRED
    'ThreatIntelSetId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that the threatIntelSet is associated with.

ThreatIntelSetId
  • Required: Yes
  • Type: string

The unique ID of the threatIntelSet that you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DescribeOrganizationConfiguration

$result = $client->describeOrganizationConfiguration([/* ... */]);
$promise = $client->describeOrganizationConfigurationAsync([/* ... */]);

Returns information about the account selected as the delegated administrator for GuardDuty.

Parameter Syntax

$result = $client->describeOrganizationConfiguration([
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector to retrieve information about the delegated administrator from.

Result Syntax

[
    'AutoEnable' => true || false,
    'DataSources' => [
        'Kubernetes' => [
            'AuditLogs' => [
                'AutoEnable' => true || false,
            ],
        ],
        'S3Logs' => [
            'AutoEnable' => true || false,
        ],
    ],
    'MemberAccountLimitReached' => true || false,
]

Result Details

Members
AutoEnable
  • Required: Yes
  • Type: boolean

Indicates whether GuardDuty is automatically enabled for accounts added to the organization.

DataSources
  • Type: OrganizationDataSourceConfigurationsResult structure

Describes which data sources are enabled automatically for member accounts.

MemberAccountLimitReached
  • Required: Yes
  • Type: boolean

Indicates whether the maximum number of allowed member accounts are already associated with the delegated administrator account for your organization.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DescribePublishingDestination

$result = $client->describePublishingDestination([/* ... */]);
$promise = $client->describePublishingDestinationAsync([/* ... */]);

Returns information about the publishing destination specified by the provided destinationId.

Parameter Syntax

$result = $client->describePublishingDestination([
    'DestinationId' => '<string>', // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DestinationId
  • Required: Yes
  • Type: string

The ID of the publishing destination to retrieve.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector associated with the publishing destination to retrieve.

Result Syntax

[
    'DestinationId' => '<string>',
    'DestinationProperties' => [
        'DestinationArn' => '<string>',
        'KmsKeyArn' => '<string>',
    ],
    'DestinationType' => 'S3',
    'PublishingFailureStartTimestamp' => <integer>,
    'Status' => 'PENDING_VERIFICATION|PUBLISHING|UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY|STOPPED',
]

Result Details

Members
DestinationId
  • Required: Yes
  • Type: string

The ID of the publishing destination.

DestinationProperties
  • Required: Yes
  • Type: DestinationProperties structure

A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

DestinationType
  • Required: Yes
  • Type: string

The type of publishing destination. Currently, only Amazon S3 buckets are supported.

PublishingFailureStartTimestamp
  • Required: Yes
  • Type: long (int|float)

The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.

Status
  • Required: Yes
  • Type: string

The status of the publishing destination.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DisableOrganizationAdminAccount

$result = $client->disableOrganizationAdminAccount([/* ... */]);
$promise = $client->disableOrganizationAdminAccountAsync([/* ... */]);

Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator.

Parameter Syntax

$result = $client->disableOrganizationAdminAccount([
    'AdminAccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AdminAccountId
  • Required: Yes
  • Type: string

The Amazon Web Services Account ID for the organization account to be disabled as a GuardDuty delegated administrator.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DisassociateFromMasterAccount

$result = $client->disassociateFromMasterAccount([/* ... */]);
$promise = $client->disassociateFromMasterAccountAsync([/* ... */]);

Disassociates the current GuardDuty member account from its administrator account.

Parameter Syntax

$result = $client->disassociateFromMasterAccount([
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty member account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

DisassociateMembers

$result = $client->disassociateMembers([/* ... */]);
$promise = $client->disassociateMembersAsync([/* ... */]);

Disassociates the GuardDuty member accounts of the current GuardDuty administrator account that are specified by the account IDs. Member accounts added through invitation are deleted from the current GuardDuty administrator account after 30 days of disassociation.

Parameter Syntax

$result = $client->disassociateMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.
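
An added example, not part of the SDK documentation, for CreateMembers, DeclineInvitations, DeleteInvitations, DeleteMembers and DisassociateMembers: these calls report per-account failures in UnprocessedAccounts rather than as an exception, so the result has to be inspected. The helper names, the stub client and every account ID, email address and result string are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Split the requested account IDs into processed and unprocessed, using the
 * UnprocessedAccounts member of the result. $result may be the Aws\Result
 * returned by the SDK or a plain array. IDs stay strings throughout because
 * leading zeros are significant and PHP would turn numeric array keys into ints.
 */
function splitUnprocessed(array $requestedIds, $result): array
{
    $failedIds = [];
    $unprocessed = [];
    foreach ($result['UnprocessedAccounts'] ?? [] as $entry) {
        $failedIds[] = (string) $entry['AccountId'];
        $unprocessed[] = [
            'AccountId' => (string) $entry['AccountId'],
            'Result'    => (string) $entry['Result'],
        ];
    }
    return [
        'processed'   => array_values(array_diff($requestedIds, $failedIds)),
        'unprocessed' => $unprocessed,
    ];
}

/** Reject malformed AccountDetails entries before they reach the API. */
function validateAccountDetails(array $accountDetails): void
{
    foreach ($accountDetails as $detail) {
        $id = $detail['AccountId'] ?? '';
        $email = $detail['Email'] ?? '';
        if (!is_string($id) || preg_match('/\A\d{12}\z/', $id) !== 1) {
            throw new InvalidArgumentException('AccountId must be a 12-digit string');
        }
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException("invalid email for account {$id}");
        }
    }
}

/**
 * Call CreateMembers and return the processed/unprocessed split.
 * $client is an Aws\GuardDuty\GuardDutyClient, or any object exposing the
 * same createMembers() method (the stub below).
 */
function createMembersChecked($client, string $detectorId, array $accountDetails): array
{
    validateAccountDetails($accountDetails);
    $result = $client->createMembers([
        'AccountDetails' => $accountDetails,
        'DetectorId'     => $detectorId,
    ]);
    return splitUnprocessed(array_column($accountDetails, 'AccountId'), $result);
}

// Constructed stand-in for the SDK client so the example runs offline.
$stubClient = new class {
    public function createMembers(array $args): array
    {
        return ['UnprocessedAccounts' => [
            ['AccountId' => '012345678901', 'Result' => 'constructed failure reason'],
        ]];
    }
};

// Constructed sample input.
$report = createMembersChecked($stubClient, '12abc34d567e8fa901bc2d34e56789f0', [
    ['AccountId' => '111122223333', 'Email' => 'security@example.com'],
    ['AccountId' => '012345678901', 'Email' => 'ops@example.com'],
]);

foreach ($report['unprocessed'] as $entry) {
    // Surface each failure: the call itself returned without an exception.
    fwrite(STDERR, "unprocessed {$entry['AccountId']}: {$entry['Result']}" . PHP_EOL);
}
echo 'processed: ', implode(', ', $report['processed']), PHP_EOL;
```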

EnableOrganizationAdminAccount

$result = $client->enableOrganizationAdminAccount([/* ... */]);
$promise = $client->enableOrganizationAdminAccountAsync([/* ... */]);

Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator.

Parameter Syntax

$result = $client->enableOrganizationAdminAccount([
    'AdminAccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AdminAccountId
  • Required: Yes
  • Type: string

The Amazon Web Services Account ID for the organization account to be enabled as a GuardDuty delegated administrator.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

GetDetector

$result = $client->getDetector([/* ... */]);
$promise = $client->getDetectorAsync([/* ... */]);

Retrieves an Amazon GuardDuty detector specified by the detectorId.

Parameter Syntax

$result = $client->getDetector([
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that you want to get.

Result Syntax

[
    'CreatedAt' => '<string>',
    'DataSources' => [
        'CloudTrail' => [
            'Status' => 'ENABLED|DISABLED',
        ],
        'DNSLogs' => [
            'Status' => 'ENABLED|DISABLED',
        ],
        'FlowLogs' => [
            'Status' => 'ENABLED|DISABLED',
        ],
        'Kubernetes' => [
            'AuditLogs' => [
                'Status' => 'ENABLED|DISABLED',
            ],
        ],
        'S3Logs' => [
            'Status' => 'ENABLED|DISABLED',
        ],
    ],
    'FindingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
    'ServiceRole' => '<string>',
    'Status' => 'ENABLED|DISABLED',
    'Tags' => ['<string>', ...],
    'UpdatedAt' => '<string>',
]

Result Details

Members
CreatedAt
  • Type: string

The timestamp of when the detector was created.

DataSources
  • Type: DataSourceConfigurationsResult structure

Describes which data sources are enabled for the detector.

FindingPublishingFrequency
  • Type: string

The publishing frequency of the finding.

ServiceRole
  • Required: Yes
  • Type: string

The GuardDuty service role.

Status
  • Required: Yes
  • Type: string

The detector status.

Tags
  • Type: Associative array of custom strings keys (TagKey) to strings

The tags of the detector resource.

UpdatedAt
  • Type: string

The last-updated timestamp for the detector.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.
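
An added example, not part of the SDK documentation, that turns the DescribePublishingDestination and GetDetector results into a list of coverage gaps: a detector or data source that is not ENABLED, and a findings export that is not in the PUBLISHING state. The function names, the rule that a KmsKeyArn must be set, and the sample results are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Flatten DataSources into path => Status, following nested members such as
 * Kubernetes.AuditLogs, which carries its Status one level down.
 */
function flattenDataSourceStatus(array $dataSources, string $prefix = ''): array
{
    $flat = [];
    foreach ($dataSources as $name => $node) {
        if (!is_array($node)) {
            continue;
        }
        $path = $prefix === '' ? (string) $name : "{$prefix}.{$name}";
        if (isset($node['Status'])) {
            $flat[$path] = $node['Status'];
        } else {
            $flat += flattenDataSourceStatus($node, $path);
        }
    }
    return $flat;
}

/** Issues found in a GetDetector result (pass $result->toArray() for an Aws\Result). */
function auditDetector(array $detector): array
{
    $issues = [];
    if (($detector['Status'] ?? '') !== 'ENABLED') {
        $issues[] = 'detector status is ' . ($detector['Status'] ?? 'missing');
    }
    foreach (flattenDataSourceStatus($detector['DataSources'] ?? []) as $path => $status) {
        if ($status !== 'ENABLED') {
            $issues[] = "data source {$path} is {$status}";
        }
    }
    return $issues;
}

/** Issues found in a DescribePublishingDestination result. */
function auditPublishingDestination(array $destination): array
{
    $issues = [];
    $status = $destination['Status'] ?? 'missing';
    if ($status !== 'PUBLISHING') {
        $message = "destination {$destination['DestinationId']} status is {$status}";
        // PublishingFailureStartTimestamp is in epoch milliseconds.
        $failedAtMs = (int) ($destination['PublishingFailureStartTimestamp'] ?? 0);
        if ($failedAtMs > 0) {
            $message .= ', failing since ' . gmdate('Y-m-d\TH:i:s\Z', intdiv($failedAtMs, 1000));
        }
        $issues[] = $message;
    }
    // Local policy (assumption): exported findings must name a KMS key.
    if (empty($destination['DestinationProperties']['KmsKeyArn'])) {
        $issues[] = "destination {$destination['DestinationId']} has no KmsKeyArn";
    }
    return $issues;
}

// Constructed sample results in the shape of the Result Syntax sections.
$detector = [
    'Status' => 'ENABLED',
    'DataSources' => [
        'CloudTrail' => ['Status' => 'ENABLED'],
        'DNSLogs'    => ['Status' => 'ENABLED'],
        'FlowLogs'   => ['Status' => 'ENABLED'],
        'Kubernetes' => ['AuditLogs' => ['Status' => 'DISABLED']],
        'S3Logs'     => ['Status' => 'DISABLED'],
    ],
    'FindingPublishingFrequency' => 'SIX_HOURS',
];
$destination = [
    'DestinationId' => 'constructed-destination-id',
    'DestinationProperties' => [
        'DestinationArn' => 'arn:aws:s3:::example-findings-bucket',
        'KmsKeyArn' => '',
    ],
    'DestinationType' => 'S3',
    'PublishingFailureStartTimestamp' => 1700000000000,
    'Status' => 'UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY',
];

foreach (array_merge(auditDetector($detector), auditPublishingDestination($destination)) as $issue) {
    echo $issue, PHP_EOL;
}
```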

GetFilter

$result = $client->getFilter([/* ... */]);
$promise = $client->getFilterAsync([/* ... */]);

Returns the details of the filter specified by the filter name.

Parameter Syntax

$result = $client->getFilter([
    'DetectorId' => '<string>', // REQUIRED
    'FilterName' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that the filter is associated with.

FilterName
  • Required: Yes
  • Type: string

The name of the filter you want to get.

Result Syntax

[
    'Action' => 'NOOP|ARCHIVE',
    'Description' => '<string>',
    'FindingCriteria' => [
        'Criterion' => [
            '<String>' => [
                'Eq' => ['<string>', ...],
                'Equals' => ['<string>', ...],
                'GreaterThan' => <integer>,
                'GreaterThanOrEqual' => <integer>,
                'Gt' => <integer>,
                'Gte' => <integer>,
                'LessThan' => <integer>,
                'LessThanOrEqual' => <integer>,
                'Lt' => <integer>,
                'Lte' => <integer>,
                'Neq' => ['<string>', ...],
                'NotEquals' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'Name' => '<string>',
    'Rank' => <integer>,
    'Tags' => ['<string>', ...],
]

Result Details

Members
Action
  • Required: Yes
  • Type: string

Specifies the action that is to be applied to the findings that match the filter.

Description
  • Type: string

The description of the filter.

FindingCriteria
  • Required: Yes
  • Type: FindingCriteria structure

Represents the criteria to be used in the filter for querying findings.

Name
  • Required: Yes
  • Type: string

The name of the filter.

Rank
  • Type: int

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Tags
  • Type: Associative array of custom strings keys (TagKey) to strings

The tags of the filter resource.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

GetFindings

$result = $client->getFindings([/* ... */]);
$promise = $client->getFindingsAsync([/* ... */]);

Describes Amazon GuardDuty findings specified by finding IDs.

Parameter Syntax

$result = $client->getFindings([
    'DetectorId' => '<string>', // REQUIRED
    'FindingIds' => ['<string>', ...], // REQUIRED
    'SortCriteria' => [
        'AttributeName' => '<string>',
        'OrderBy' => 'ASC|DESC',
    ],
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.

FindingIds
  • Required: Yes
  • Type: Array of strings

The IDs of the findings that you want to retrieve.

SortCriteria
  • Type: SortCriteria structure

Represents the criteria used for sorting findings.

Result Syntax

[
    'Findings' => [
        [
            'AccountId' => '<string>',
            'Arn' => '<string>',
            'Confidence' => <float>,
            'CreatedAt' => '<string>',
            'Description' => '<string>',
            'Id' => '<string>',
            'Partition' => '<string>',
            'Region' => '<string>',
            'Resource' => [
                'AccessKeyDetails' => [
                    'AccessKeyId' => '<string>',
                    'PrincipalId' => '<string>',
                    'UserName' => '<string>',
                    'UserType' => '<string>',
                ],
                'EksClusterDetails' => [
                    'Arn' => '<string>',
                    'CreatedAt' => <DateTime>,
                    'Name' => '<string>',
                    'Status' => '<string>',
                    'Tags' => [
                        [
                            'Key' => '<string>',
                            'Value' => '<string>',
                        ],
                        // ...
                    ],
                    'VpcId' => '<string>',
                ],
                'InstanceDetails' => [
                    'AvailabilityZone' => '<string>',
                    'IamInstanceProfile' => [
                        'Arn' => '<string>',
                        'Id' => '<string>',
                    ],
                    'ImageDescription' => '<string>',
                    'ImageId' => '<string>',
                    'InstanceId' => '<string>',
                    'InstanceState' => '<string>',
                    'InstanceType' => '<string>',
                    'LaunchTime' => '<string>',
                    'NetworkInterfaces' => [
                        [
                            'Ipv6Addresses' => ['<string>', ...],
                            'NetworkInterfaceId' => '<string>',
                            'PrivateDnsName' => '<string>',
                            'PrivateIpAddress' => '<string>',
                            'PrivateIpAddresses' => [
                                [
                                    'PrivateDnsName' => '<string>',
                                    'PrivateIpAddress' => '<string>',
                                ],
                                // ...
                            ],
                            'PublicDnsName' => '<string>',
                            'PublicIp' => '<string>',
                            'SecurityGroups' => [
                                [
                                    'GroupId' => '<string>',
                                    'GroupName' => '<string>',
                                ],
                                // ...
                            ],
                            'SubnetId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        // ...
                    ],
                    'OutpostArn' => '<string>',
                    'Platform' => '<string>',
                    'ProductCodes' => [
                        [
                            'Code' => '<string>',
                            'ProductType' => '<string>',
                        ],
                        // ...
                    ],
                    'Tags' => [
                        [
                            'Key' => '<string>',
                            'Value' => '<string>',
                        ],
                        // ...
                    ],
                ],
                'KubernetesDetails' => [
                    'KubernetesUserDetails' => [
                        'Groups' => ['<string>', ...],
                        'Uid' => '<string>',
                        'Username' => '<string>',
                    ],
                    'KubernetesWorkloadDetails' => [
                        'Containers' => [
                            [
                                'ContainerRuntime' => '<string>',
                                'Id' => '<string>',
                                'Image' => '<string>',
                                'ImagePrefix' => '<string>',
                                'Name' => '<string>',
                                'SecurityContext' => [
                                    'Privileged' => true || false,
                                ],
                                'VolumeMounts' => [
                                    [
                                        'MountPath' => '<string>',
                                        'Name' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            // ...
                        ],
                        'HostNetwork' => true || false,
                        'Name' => '<string>',
                        'Namespace' => '<string>',
                        'Type' => '<string>',
                        'Uid' => '<string>',
                        'Volumes' => [
                            [
                                'HostPath' => [
                                    'Path' => '<string>',
                                ],
                                'Name' => '<string>',
                            ],
                            // ...
                        ],
                    ],
                ],
                'ResourceType' => '<string>',
                'S3BucketDetails' => [
                    [
                        'Arn' => '<string>',
                        'CreatedAt' => <DateTime>,
                        'DefaultServerSideEncryption' => [
                            'EncryptionType' => '<string>',
                            'KmsMasterKeyArn' => '<string>',
                        ],
                        'Name' => '<string>',
                        'Owner' => [
                            'Id' => '<string>',
                        ],
                        'PublicAccess' => [
                            'EffectivePermission' => '<string>',
                            'PermissionConfiguration' => [
                                'AccountLevelPermissions' => [
                                    'BlockPublicAccess' => [
                                        'BlockPublicAcls' => true || false,
                                        'BlockPublicPolicy' => true || false,
                                        'IgnorePublicAcls' => true || false,
                                        'RestrictPublicBuckets' => true || false,
                                    ],
                                ],
                                'BucketLevelPermissions' => [
                                    'AccessControlList' => [
                                        'AllowsPublicReadAccess' => true || false,
                                        'AllowsPublicWriteAccess' => true || false,
                                    ],
                                    'BlockPublicAccess' => [
                                        'BlockPublicAcls' => true || false,
                                        'BlockPublicPolicy' => true || false,
                                        'IgnorePublicAcls' => true || false,
                                        'RestrictPublicBuckets' => true || false,
                                    ],
                                    'BucketPolicy' => [
                                        'AllowsPublicReadAccess' => true || false,
                                        'AllowsPublicWriteAccess' => true || false,
                                    ],
                                ],
                            ],
                        ],
                        'Tags' => [
                            [
                                'Key' => '<string>',
                                'Value' => '<string>',
                            ],
                            // ...
                        ],
                        'Type' => '<string>',
                    ],
                    // ...
                ],
            ],
            'SchemaVersion' => '<string>',
            'Service' => [
                'Action' => [
                    'ActionType' => '<string>',
                    'AwsApiCallAction' => [
                        'Api' => '<string>',
                        'CallerType' => '<string>',
                        'DomainDetails' => [
                            'Domain' => '<string>',
                        ],
                        'ErrorCode' => '<string>',
                        'RemoteAccountDetails' => [
                            'AccountId' => '<string>',
                            'Affiliated' => true || false,
                        ],
                        'RemoteIpDetails' => [
                            'City' => [
                                'CityName' => '<string>',
                            ],
                            'Country' => [
                                'CountryCode' => '<string>',
                                'CountryName' => '<string>',
                            ],
                            'GeoLocation' => [
                                'Lat' => <float>,
                                'Lon' => <float>,
                            ],
                            'IpAddressV4' => '<string>',
                            'Organization' => [
                                'Asn' => '<string>',
                                'AsnOrg' => '<string>',
                                'Isp' => '<string>',
                                'Org' => '<string>',
                            ],
                        ],
                        'ServiceName' => '<string>',
                        'UserAgent' => '<string>',
                    ],
                    'DnsRequestAction' => [
                        'Domain' => '<string>',
                    ],
                    'KubernetesApiCallAction' => [
                        'Parameters' => '<string>',
                        'RemoteIpDetails' => [
                            'City' => [
                                'CityName' => '<string>',
                            ],
                            'Country' => [
                                'CountryCode' => '<string>',
                                'CountryName' => '<string>',
                            ],
                            'GeoLocation' => [
                                'Lat' => <float>,
                                'Lon' => <float>,
                            ],
                            'IpAddressV4' => '<string>',
                            'Organization' => [
                                'Asn' => '<string>',
                                'AsnOrg' => '<string>',
                                'Isp' => '<string>',
                                'Org' => '<string>',
                            ],
                        ],
                        'RequestUri' => '<string>',
                        'SourceIps' => ['<string>', ...],
                        'StatusCode' => <integer>,
                        'UserAgent' => '<string>',
                        'Verb' => '<string>',
                    ],
                    'NetworkConnectionAction' => [
                        'Blocked' => true || false,
                        'ConnectionDirection' => '<string>',
                        'LocalIpDetails' => [
                            'IpAddressV4' => '<string>',
                        ],
                        'LocalPortDetails' => [
                            'Port' => <integer>,
                            'PortName' => '<string>',
                        ],
                        'Protocol' => '<string>',
                        'RemoteIpDetails' => [
                            'City' => [
                                'CityName' => '<string>',
                            ],
                            'Country' => [
                                'CountryCode' => '<string>',
                                'CountryName' => '<string>',
                            ],
                            'GeoLocation' => [
                                'Lat' => <float>,
                                'Lon' => <float>,
                            ],
                            'IpAddressV4' => '<string>',
                            'Organization' => [
                                'Asn' => '<string>',
                                'AsnOrg' => '<string>',
                                'Isp' => '<string>',
                                'Org' => '<string>',
                            ],
                        ],
                        'RemotePortDetails' => [
                            'Port' => <integer>,
                            'PortName' => '<string>',
                        ],
                    ],
                    'PortProbeAction' => [
                        'Blocked' => true || false,
                        'PortProbeDetails' => [
                            [
                                'LocalIpDetails' => [
                                    'IpAddressV4' => '<string>',
                                ],
                                'LocalPortDetails' => [
                                    'Port' => <integer>,
                                    'PortName' => '<string>',
                                ],
                                'RemoteIpDetails' => [
                                    'City' => [
                                        'CityName' => '<string>',
                                    ],
                                    'Country' => [
                                        'CountryCode' => '<string>',
                                        'CountryName' => '<string>',
                                    ],
                                    'GeoLocation' => [
                                        'Lat' => <float>,
                                        'Lon' => <float>,
                                    ],
                                    'IpAddressV4' => '<string>',
                                    'Organization' => [
                                        'Asn' => '<string>',
                                        'AsnOrg' => '<string>',
                                        'Isp' => '<string>',
                                        'Org' => '<string>',
                                    ],
                                ],
                            ],
                            // ...
                        ],
                    ],
                ],
                'Archived' => true || false,
                'Count' => <integer>,
                'DetectorId' => '<string>',
                'EventFirstSeen' => '<string>',
                'EventLastSeen' => '<string>',
                'Evidence' => [
                    'ThreatIntelligenceDetails' => [
                        [
                            'ThreatListName' => '<string>',
                            'ThreatNames' => ['<string>', ...],
                        ],
                        // ...
                    ],
                ],
                'ResourceRole' => '<string>',
                'ServiceName' => '<string>',
                'UserFeedback' => '<string>',
            ],
            'Severity' => <float>,
            'Title' => '<string>',
            'Type' => '<string>',
            'UpdatedAt' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Findings
  • Required: Yes
  • Type: Array of Finding structures

A list of findings.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.
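The following is an added example, not part of the SDK documentation: it reduces a GetFindings result to a severity-sorted triage list, handling the fact that the remote address sits in a different place for each action type. The function names, the minimum-severity cutoff and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Remote IPv4 addresses from whichever action structure the finding carries. */
function remoteIps(array $action): array
{
    $ips = [];
    // These three action types each hold a single RemoteIpDetails structure.
    foreach (['AwsApiCallAction', 'KubernetesApiCallAction', 'NetworkConnectionAction'] as $key) {
        $ip = $action[$key]['RemoteIpDetails']['IpAddressV4'] ?? null;
        if (is_string($ip) && $ip !== '') {
            $ips[] = $ip;
        }
    }
    // PortProbeAction holds a list of probes, each with its own RemoteIpDetails.
    foreach ($action['PortProbeAction']['PortProbeDetails'] ?? [] as $probe) {
        $ip = $probe['RemoteIpDetails']['IpAddressV4'] ?? null;
        if (is_string($ip) && $ip !== '') {
            $ips[] = $ip;
        }
    }
    return array_values(array_unique($ips));
}

/** "ResourceType:identifier" for the first identifying field that is present. */
function affectedResource(array $resource): string
{
    $id = $resource['InstanceDetails']['InstanceId']
        ?? $resource['AccessKeyDetails']['AccessKeyId']
        ?? $resource['EksClusterDetails']['Name']
        ?? $resource['S3BucketDetails'][0]['Name']
        ?? 'n/a';
    return ($resource['ResourceType'] ?? 'Unknown') . ':' . $id;
}

/** Drop archived and low-severity findings, flatten the rest, highest severity first. */
function triageFindings(array $result, float $minSeverity): array
{
    $rows = [];
    foreach ($result['Findings'] ?? [] as $finding) {
        $service = $finding['Service'] ?? [];
        $severity = (float) ($finding['Severity'] ?? 0.0);
        if (($service['Archived'] ?? false) === true || $severity < $minSeverity) {
            continue;
        }
        $action = $service['Action'] ?? [];
        $rows[] = [
            'Id'         => $finding['Id'] ?? '',
            'Type'       => $finding['Type'] ?? '',
            'Severity'   => $severity,
            'Resource'   => affectedResource($finding['Resource'] ?? []),
            'ActionType' => $action['ActionType'] ?? 'UNKNOWN',
            'RemoteIps'  => remoteIps($action),
            'Domain'     => $action['DnsRequestAction']['Domain'] ?? null,
            'Count'      => (int) ($service['Count'] ?? 0),
            'LastSeen'   => $service['EventLastSeen'] ?? null,
        ];
    }
    usort($rows, fn(array $a, array $b): int => $b['Severity'] <=> $a['Severity']);
    return $rows;
}

// Constructed sample shaped like the Result Syntax above; not real GuardDuty output.
$sample = ['Findings' => [
    ['Id' => 'finding-0001', 'Type' => 'Recon:EC2/PortProbeUnprotectedPort', 'Severity' => 2.0,
     'Resource' => ['ResourceType' => 'Instance', 'InstanceDetails' => ['InstanceId' => 'i-0example0000000a']],
     'Service' => ['Archived' => false, 'Count' => 14, 'EventLastSeen' => '2024-01-01T00:00:00Z',
         'Action' => ['ActionType' => 'PORT_PROBE', 'PortProbeAction' => ['PortProbeDetails' => [
             ['RemoteIpDetails' => ['IpAddressV4' => '198.51.100.7']],
             ['RemoteIpDetails' => ['IpAddressV4' => '203.0.113.20']],
         ]]]]],
    ['Id' => 'finding-0002', 'Type' => 'UnauthorizedAccess:IAMUser/MaliciousIPCaller', 'Severity' => 5.0,
     'Resource' => ['ResourceType' => 'AccessKey', 'AccessKeyDetails' => ['AccessKeyId' => 'AKIAEXAMPLEEXAMPLE00']],
     'Service' => ['Archived' => false, 'Count' => 3, 'EventLastSeen' => '2024-01-02T00:00:00Z',
         'Action' => ['ActionType' => 'AWS_API_CALL', 'AwsApiCallAction' => [
             'Api' => 'ListBuckets', 'RemoteIpDetails' => ['IpAddressV4' => '203.0.113.20']]]]],
    ['Id' => 'finding-0003', 'Type' => 'Backdoor:EC2/C&CActivity.B!DNS', 'Severity' => 8.0,
     'Resource' => ['ResourceType' => 'Instance', 'InstanceDetails' => ['InstanceId' => 'i-0example0000000b']],
     'Service' => ['Archived' => false, 'Count' => 1, 'EventLastSeen' => '2024-01-03T00:00:00Z',
         'Action' => ['ActionType' => 'DNS_REQUEST', 'DnsRequestAction' => ['Domain' => 'c2.example.invalid']]]],
    ['Id' => 'finding-0004', 'Type' => 'UnauthorizedAccess:EC2/SSHBruteForce', 'Severity' => 8.0,
     'Resource' => ['ResourceType' => 'Instance', 'InstanceDetails' => ['InstanceId' => 'i-0example0000000c']],
     'Service' => ['Archived' => true, 'Count' => 9, 'Action' => ['ActionType' => 'NETWORK_CONNECTION']]],
]];

// With a cutoff of 4.0 the port probe (2.0) and the archived finding are dropped.
foreach (triageFindings($sample, 4.0) as $row) {
    printf("%.1f  %-46s %-32s %s\n", $row['Severity'], $row['Type'], $row['Resource'],
        implode(',', $row['RemoteIps']) ?: ($row['Domain'] ?? '-'));
}
```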

GetFindingsStatistics

$result = $client->getFindingsStatistics([/* ... */]);
$promise = $client->getFindingsStatisticsAsync([/* ... */]);

Lists Amazon GuardDuty findings statistics for the specified detector ID.

Parameter Syntax

$result = $client->getFindingsStatistics([
    'DetectorId' => '<string>', // REQUIRED
    'FindingCriteria' => [
        'Criterion' => [
            '<String>' => [
                'Eq' => ['<string>', ...],
                'Equals' => ['<string>', ...],
                'GreaterThan' => <integer>,
                'GreaterThanOrEqual' => <integer>,
                'Gt' => <integer>,
                'Gte' => <integer>,
                'LessThan' => <integer>,
                'LessThanOrEqual' => <integer>,
                'Lt' => <integer>,
                'Lte' => <integer>,
                'Neq' => ['<string>', ...],
                'NotEquals' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'FindingStatisticTypes' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.

FindingCriteria
  • Type: FindingCriteria structure

Represents the criteria that are used for querying findings.

FindingStatisticTypes
  • Required: Yes
  • Type: Array of strings

The types of finding statistics to retrieve.

Result Syntax

[
    'FindingStatistics' => [
        'CountBySeverity' => [<integer>, ...],
    ],
]

Result Details

Members
FindingStatistics
  • Required: Yes
  • Type: FindingStatistics structure

The finding statistics object.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

GetIPSet

$result = $client->getIPSet([/* ... */]);
$promise = $client->getIPSetAsync([/* ... */]);

Retrieves the IPSet specified by the ipSetId.

Parameter Syntax

$result = $client->getIPSet([
    'DetectorId' => '<string>', // REQUIRED
    'IpSetId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that the IPSet is associated with.

IpSetId
  • Required: Yes
  • Type: string

The unique ID of the IPSet to retrieve.

Result Syntax

[
    'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE',
    'Location' => '<string>',
    'Name' => '<string>',
    'Status' => 'INACTIVE|ACTIVATING|ACTIVE|DEACTIVATING|ERROR|DELETE_PENDING|DELETED',
    'Tags' => ['<string>', ...],
]

Result Details

Members
Format
  • Required: Yes
  • Type: string

The format of the file that contains the IPSet.

Location
  • Required: Yes
  • Type: string

The URI of the file that contains the IPSet.

Name
  • Required: Yes
  • Type: string

The user-friendly name for the IPSet.

Status
  • Required: Yes
  • Type: string

The status of the IPSet file that was uploaded.

Tags
  • Type: Associative array of custom string keys (TagKey) to strings

The tags of the IPSet resource.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

GetInvitationsCount

$result = $client->getInvitationsCount([/* ... */]);
$promise = $client->getInvitationsCountAsync([/* ... */]);

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

Parameter Syntax

$result = $client->getInvitationsCount([
]);

Parameter Details

Members

Result Syntax

[
    'InvitationsCount' => <integer>,
]

Result Details

Members
InvitationsCount
  • Type: int

The number of received invitations.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

GetMasterAccount

$result = $client->getMasterAccount([/* ... */]);
$promise = $client->getMasterAccountAsync([/* ... */]);

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

Parameter Syntax

$result = $client->getMasterAccount([
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty member account.

Result Syntax

[
    'Master' => [
        'AccountId' => '<string>',
        'InvitationId' => '<string>',
        'InvitedAt' => '<string>',
        'RelationshipStatus' => '<string>',
    ],
]

Result Details

Members
Master
  • Required: Yes
  • Type: Master structure

The administrator account details.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

GetMemberDetectors

$result = $client->getMemberDetectors([/* ... */]);
$promise = $client->getMemberDetectorsAsync([/* ... */]);

Describes which data sources are enabled for the member account's detector.

Parameter Syntax

$result = $client->getMemberDetectors([
    'AccountIds' => ['<string>', ...], // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

The account IDs of the member accounts.

DetectorId
  • Required: Yes
  • Type: string

The detector ID for the administrator account.

Result Syntax

[
    'MemberDataSourceConfigurations' => [
        [
            'AccountId' => '<string>',
            'DataSources' => [
                'CloudTrail' => [
                    'Status' => 'ENABLED|DISABLED',
                ],
                'DNSLogs' => [
                    'Status' => 'ENABLED|DISABLED',
                ],
                'FlowLogs' => [
                    'Status' => 'ENABLED|DISABLED',
                ],
                'Kubernetes' => [
                    'AuditLogs' => [
                        'Status' => 'ENABLED|DISABLED',
                    ],
                ],
                'S3Logs' => [
                    'Status' => 'ENABLED|DISABLED',
                ],
            ],
        ],
        // ...
    ],
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
MemberDataSourceConfigurations
  • Required: Yes
  • Type: Array of MemberDataSourceConfiguration structures

An object that describes which data sources are enabled for a member account.

UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.
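The following is an added example, not part of the SDK documentation: a coverage audit over a GetMemberDetectors result that reports disabled data sources per member account and keeps accounts whose state could not be determined separate from accounts that passed. The function names and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Dotted names of every data source whose Status is not ENABLED. */
function disabledDataSources(array $dataSources, string $prefix = ''): array
{
    $disabled = [];
    foreach ($dataSources as $name => $value) {
        if (!is_array($value)) {
            continue;
        }
        $path = $prefix === '' ? (string) $name : $prefix . '.' . $name;
        if (array_key_exists('Status', $value)) {
            if ($value['Status'] !== 'ENABLED') {
                $disabled[] = $path;
            }
        } else {
            // Nested container, e.g. Kubernetes => AuditLogs => Status.
            $disabled = array_merge($disabled, disabledDataSources($value, $path));
        }
    }
    return $disabled;
}

/**
 * Classify every requested account:
 *   gaps        - answered, at least one data source disabled
 *   unprocessed - listed in UnprocessedAccounts (coverage unknown, not compliant)
 *   missing     - requested but absent from both lists
 */
function auditMemberCoverage(array $result, array $requestedAccountIds): array
{
    $report = ['gaps' => [], 'unprocessed' => [], 'missing' => []];
    $seen = [];
    foreach ($result['MemberDataSourceConfigurations'] ?? [] as $member) {
        $accountId = (string) ($member['AccountId'] ?? '');
        $seen[$accountId] = true;
        $disabled = disabledDataSources($member['DataSources'] ?? []);
        if ($disabled !== []) {
            $report['gaps'][] = ['AccountId' => $accountId, 'Disabled' => $disabled];
        }
    }
    foreach ($result['UnprocessedAccounts'] ?? [] as $entry) {
        $accountId = (string) ($entry['AccountId'] ?? '');
        $seen[$accountId] = true;
        $report['unprocessed'][] = ['AccountId' => $accountId, 'Result' => (string) ($entry['Result'] ?? '')];
    }
    foreach ($requestedAccountIds as $accountId) {
        if (!isset($seen[$accountId])) {
            $report['missing'][] = (string) $accountId;
        }
    }
    return $report;
}

// Constructed sample shaped like the Result Syntax above; account IDs and the
// Result text are placeholders, not real output.
$requested = ['111111111111', '222222222222', '333333333333', '444444444444'];
$sample = [
    'MemberDataSourceConfigurations' => [
        ['AccountId' => '111111111111', 'DataSources' => [
            'CloudTrail' => ['Status' => 'ENABLED'], 'DNSLogs' => ['Status' => 'ENABLED'],
            'FlowLogs' => ['Status' => 'ENABLED'], 'S3Logs' => ['Status' => 'ENABLED'],
            'Kubernetes' => ['AuditLogs' => ['Status' => 'ENABLED']],
        ]],
        ['AccountId' => '222222222222', 'DataSources' => [
            'CloudTrail' => ['Status' => 'ENABLED'], 'DNSLogs' => ['Status' => 'ENABLED'],
            'FlowLogs' => ['Status' => 'ENABLED'], 'S3Logs' => ['Status' => 'DISABLED'],
            'Kubernetes' => ['AuditLogs' => ['Status' => 'DISABLED']],
        ]],
    ],
    'UnprocessedAccounts' => [
        ['AccountId' => '333333333333', 'Result' => 'constructed explanation string'],
    ],
];

$report = auditMemberCoverage($sample, $requested);
foreach ($report['gaps'] as $gap) {
    printf("GAP         %s  %s\n", $gap['AccountId'], implode(', ', $gap['Disabled']));
}
foreach ($report['unprocessed'] as $entry) {
    printf("UNPROCESSED %s  %s\n", $entry['AccountId'], $entry['Result']);
}
foreach ($report['missing'] as $accountId) {
    printf("MISSING     %s\n", $accountId);
}
```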

GetMembers

$result = $client->getMembers([/* ... */]);
$promise = $client->getMembersAsync([/* ... */]);

Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.

Parameter Syntax

$result = $client->getMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of account IDs of the GuardDuty member accounts that you want to describe.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty account whose members you want to retrieve.

Result Syntax

[
    'Members' => [
        [
            'AccountId' => '<string>',
            'DetectorId' => '<string>',
            'Email' => '<string>',
            'InvitedAt' => '<string>',
            'MasterId' => '<string>',
            'RelationshipStatus' => '<string>',
            'UpdatedAt' => '<string>',
        ],
        // ...
    ],
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Members
  • Required: Yes
  • Type: Array of Member structures

A list of members.

UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

GetThreatIntelSet

$result = $client->getThreatIntelSet([/* ... */]);
$promise = $client->getThreatIntelSetAsync([/* ... */]);

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

Parameter Syntax

$result = $client->getThreatIntelSet([
    'DetectorId' => '<string>', // REQUIRED
    'ThreatIntelSetId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that the threatIntelSet is associated with.

ThreatIntelSetId
  • Required: Yes
  • Type: string

The unique ID of the threatIntelSet that you want to get.

Result Syntax

[
    'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE',
    'Location' => '<string>',
    'Name' => '<string>',
    'Status' => 'INACTIVE|ACTIVATING|ACTIVE|DEACTIVATING|ERROR|DELETE_PENDING|DELETED',
    'Tags' => ['<string>', ...],
]

Result Details

Members
Format
  • Required: Yes
  • Type: string

The format of the threatIntelSet.

Location
  • Required: Yes
  • Type: string

The URI of the file that contains the ThreatIntelSet.

Name
  • Required: Yes
  • Type: string

A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

Status
  • Required: Yes
  • Type: string

The status of the threatIntelSet file that was uploaded.

Tags
  • Type: Associative array of custom string keys (TagKey) to strings

The tags of the threat list resource.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

GetUsageStatistics

$result = $client->getUsageStatistics([/* ... */]);
$promise = $client->getUsageStatisticsAsync([/* ... */]);

Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned includes only the usage so far, which covers fewer than 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.

Parameter Syntax

$result = $client->getUsageStatistics([
    'DetectorId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Unit' => '<string>',
    'UsageCriteria' => [ // REQUIRED
        'AccountIds' => ['<string>', ...],
        'DataSources' => ['<string>', ...], // REQUIRED
        'Resources' => ['<string>', ...],
    ],
    'UsageStatisticType' => 'SUM_BY_ACCOUNT|SUM_BY_DATA_SOURCE|SUM_BY_RESOURCE|TOP_RESOURCES', // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.

MaxResults
  • Type: int

The maximum number of results to return in the response.

NextToken
  • Type: string

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Unit
  • Type: string

The currency unit you would like to view your usage statistics in. The only current valid value is USD.

UsageCriteria
  • Required: Yes
  • Type: UsageCriteria structure

Represents the criteria used for querying usage.

UsageStatisticType
  • Required: Yes
  • Type: string

The type of usage statistics to retrieve.

Result Syntax

[
    'NextToken' => '<string>',
    'UsageStatistics' => [
        'SumByAccount' => [
            [
                'AccountId' => '<string>',
                'Total' => [
                    'Amount' => '<string>',
                    'Unit' => '<string>',
                ],
            ],
            // ...
        ],
        'SumByDataSource' => [
            [
                'DataSource' => 'FLOW_LOGS|CLOUD_TRAIL|DNS_LOGS|S3_LOGS|KUBERNETES_AUDIT_LOGS',
                'Total' => [
                    'Amount' => '<string>',
                    'Unit' => '<string>',
                ],
            ],
            // ...
        ],
        'SumByResource' => [
            [
                'Resource' => '<string>',
                'Total' => [
                    'Amount' => '<string>',
                    'Unit' => '<string>',
                ],
            ],
            // ...
        ],
        'TopResources' => [
            [
                'Resource' => '<string>',
                'Total' => [
                    'Amount' => '<string>',
                    'Unit' => '<string>',
                ],
            ],
            // ...
        ],
    ],
]

Result Details

Members
NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

UsageStatistics
  • Type: UsageStatistics structure

The usage statistics object. If a UsageStatisticType was provided, the objects representing other types will be null.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

InviteMembers

$result = $client->inviteMembers([/* ... */]);
$promise = $client->inviteMembersAsync([/* ... */]);

Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.

Parameter Syntax

$result = $client->inviteMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
    'DisableEmailNotification' => true || false,
    'Message' => '<string>',
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of account IDs of the accounts that you want to invite to GuardDuty as members.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty account that you want to invite members with.

DisableEmailNotification
  • Type: boolean

A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.

Message
  • Type: string

The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListDetectors

$result = $client->listDetectors([/* ... */]);
$promise = $client->listDetectorsAsync([/* ... */]);

Lists the detector IDs of all existing Amazon GuardDuty detector resources.

Parameter Syntax

$result = $client->listDetectors([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
  • Type: int

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

NextToken
  • Type: string

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Result Syntax

[
    'DetectorIds' => ['<string>', ...],
    'NextToken' => '<string>',
]

Result Details

Members
DetectorIds
  • Required: Yes
  • Type: Array of strings

A list of detector IDs.

NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListFilters

$result = $client->listFilters([/* ... */]);
$promise = $client->listFiltersAsync([/* ... */]);

Returns a paginated list of the current filters.

Parameter Syntax

$result = $client->listFilters([
    'DetectorId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that the filter is associated with.

MaxResults
  • Type: int

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

NextToken
  • Type: string

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Result Syntax

[
    'FilterNames' => ['<string>', ...],
    'NextToken' => '<string>',
]

Result Details

Members
FilterNames
  • Required: Yes
  • Type: Array of strings

A list of filter names.

NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListFindings

$result = $client->listFindings([/* ... */]);
$promise = $client->listFindingsAsync([/* ... */]);

Lists Amazon GuardDuty findings for the specified detector ID.

Parameter Syntax

$result = $client->listFindings([
    'DetectorId' => '<string>', // REQUIRED
    'FindingCriteria' => [
        'Criterion' => [
            '<String>' => [
                'Eq' => ['<string>', ...],
                'Equals' => ['<string>', ...],
                'GreaterThan' => <integer>,
                'GreaterThanOrEqual' => <integer>,
                'Gt' => <integer>,
                'Gte' => <integer>,
                'LessThan' => <integer>,
                'LessThanOrEqual' => <integer>,
                'Lt' => <integer>,
                'Lte' => <integer>,
                'Neq' => ['<string>', ...],
                'NotEquals' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'SortCriteria' => [
        'AttributeName' => '<string>',
        'OrderBy' => 'ASC|DESC',
    ],
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector that specifies the GuardDuty service whose findings you want to list.

FindingCriteria
  • Type: FindingCriteria structure

Represents the criteria used for querying findings. Valid values include:

  • JSON field name

  • accountId

  • region

  • confidence

  • id

  • resource.accessKeyDetails.accessKeyId

  • resource.accessKeyDetails.principalId

  • resource.accessKeyDetails.userName

  • resource.accessKeyDetails.userType

  • resource.instanceDetails.iamInstanceProfile.id

  • resource.instanceDetails.imageId

  • resource.instanceDetails.instanceId

  • resource.instanceDetails.networkInterfaces.ipv6Addresses

  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

  • resource.instanceDetails.networkInterfaces.publicDnsName

  • resource.instanceDetails.networkInterfaces.publicIp

  • resource.instanceDetails.networkInterfaces.securityGroups.groupId

  • resource.instanceDetails.networkInterfaces.securityGroups.groupName

  • resource.instanceDetails.networkInterfaces.subnetId

  • resource.instanceDetails.networkInterfaces.vpcId

  • resource.instanceDetails.tags.key

  • resource.instanceDetails.tags.value

  • resource.resourceType

  • service.action.actionType

  • service.action.awsApiCallAction.api

  • service.action.awsApiCallAction.callerType

  • service.action.awsApiCallAction.remoteIpDetails.city.cityName

  • service.action.awsApiCallAction.remoteIpDetails.country.countryName

  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

  • service.action.awsApiCallAction.remoteIpDetails.organization.asn

  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

  • service.action.awsApiCallAction.serviceName

  • service.action.dnsRequestAction.domain

  • service.action.networkConnectionAction.blocked

  • service.action.networkConnectionAction.connectionDirection

  • service.action.networkConnectionAction.localPortDetails.port

  • service.action.networkConnectionAction.protocol

  • service.action.networkConnectionAction.remoteIpDetails.country.countryName

  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.organization.asn

  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

  • service.action.networkConnectionAction.remotePortDetails.port

  • service.additionalInfo.threatListName

  • service.archived

    When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole

  • severity

  • type

  • updatedAt

    Type: Timestamp in Unix Epoch millisecond format: 1486685375000

MaxResults
  • Type: int

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

NextToken
  • Type: string

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

SortCriteria
  • Type: SortCriteria structure

Represents the criteria used for sorting findings.

Result Syntax

[
    'FindingIds' => ['<string>', ...],
    'NextToken' => '<string>',
]

Result Details

Members
FindingIds
  • Required: Yes
  • Type: Array of strings

The IDs of the findings that you're listing.

NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.
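The following added example (not part of the SDK documentation) shows how FindingCriteria and NextToken pagination fit together when pulling every unarchived, high-severity finding updated in a recent window. The function names, the severity threshold of 7, the detector ID placeholder and the stubbed two-page response are assumptions made for illustration; the stub stands in for `$client->listFindings()` so the script runs without credentials.

```php
<?php
declare(strict_types=1);

/**
 * Build a Criterion map from field names listed under FindingCriteria.
 * 'Eq' takes an array of strings, 'Gte' an integer, and updatedAt is
 * expressed in Unix epoch milliseconds.
 */
function highSeverityOpenCriterion(int $minSeverity, int $sinceUnixSeconds): array
{
    return [
        'severity'         => ['Gte' => $minSeverity],
        'service.archived' => ['Eq' => ['false']], // only unarchived findings
        'updatedAt'        => ['Gte' => $sinceUnixSeconds * 1000],
    ];
}

/**
 * Collect every finding ID matching $criterion by following NextToken.
 *
 * $listFindings is any callable shaped like $client->listFindings(): it
 * takes the parameter array and returns an array-accessible result with
 * 'FindingIds' and, when more pages exist, 'NextToken'.
 */
function collectFindingIds(
    callable $listFindings,
    string $detectorId,
    array $criterion,
    int $maxPages = 1000
): array {
    $params = [
        'DetectorId'      => $detectorId,
        'FindingCriteria' => ['Criterion' => $criterion],
        'MaxResults'      => 50, // documented maximum per page
        'SortCriteria'    => ['AttributeName' => 'severity', 'OrderBy' => 'DESC'],
    ];

    $ids = [];
    $seenTokens = [];
    for ($page = 0; $page < $maxPages; $page++) {
        // First call carries no NextToken; later calls carry the previous one.
        $result = $listFindings($params);
        foreach ($result['FindingIds'] ?? [] as $id) {
            $ids[] = $id;
        }

        $token = $result['NextToken'] ?? null;
        if ($token === null || $token === '') {
            return $ids; // last page reached, result set is complete
        }
        if (isset($seenTokens[$token])) {
            throw new RuntimeException('NextToken repeated; stopping to avoid an endless loop');
        }
        $seenTokens[$token] = true;
        $params['NextToken'] = $token;
    }
    // Fail loudly rather than return a silently truncated list of findings.
    throw new RuntimeException("More than $maxPages pages; result set is incomplete");
}

// Constructed stand-in for the service: two pages, the second without NextToken.
$pages = [
    ''       => ['FindingIds' => ['finding-aaa', 'finding-bbb'], 'NextToken' => 'page-2'],
    'page-2' => ['FindingIds' => ['finding-ccc']],
];
$stub = function (array $params) use ($pages): array {
    return $pages[$params['NextToken'] ?? ''];
};

$criterion = highSeverityOpenCriterion(7, time() - 86400); // last 24 hours
$ids = collectFindingIds($stub, 'detector-id-placeholder', $criterion);
echo implode("\n", $ids), "\n";

// Against the real service (requires the SDK and credentials):
// $client = new Aws\GuardDuty\GuardDutyClient(['region' => 'us-east-1', 'version' => 'latest']);
// $ids = collectFindingIds(fn (array $p) => $client->listFindings($p), $detectorId, $criterion);
```

ListFindings returns only IDs, so a triage job that stops after the first page of 50 would see an incomplete picture without any error being raised.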

ListIPSets

$result = $client->listIPSets([/* ... */]);
$promise = $client->listIPSetsAsync([/* ... */]);

Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.

Parameter Syntax

$result = $client->listIPSets([
    'DetectorId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that the IPSet is associated with.

MaxResults
  • Type: int

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

NextToken
  • Type: string

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Result Syntax

[
    'IpSetIds' => ['<string>', ...],
    'NextToken' => '<string>',
]

Result Details

Members
IpSetIds
  • Required: Yes
  • Type: Array of strings

The IDs of the IPSet resources.

NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListInvitations

$result = $client->listInvitations([/* ... */]);
$promise = $client->listInvitationsAsync([/* ... */]);

Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.

Parameter Syntax

$result = $client->listInvitations([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
  • Type: int

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

NextToken
  • Type: string

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Result Syntax

[
    'Invitations' => [
        [
            'AccountId' => '<string>',
            'InvitationId' => '<string>',
            'InvitedAt' => '<string>',
            'RelationshipStatus' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Invitations
  • Type: Array of Invitation structures

A list of invitation descriptions.

NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListMembers

$result = $client->listMembers([/* ... */]);
$promise = $client->listMembersAsync([/* ... */]);

Lists details about all member accounts for the current GuardDuty administrator account.

Parameter Syntax

$result = $client->listMembers([
    'DetectorId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OnlyAssociated' => '<string>',
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector the member is associated with.

MaxResults
  • Type: int

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

NextToken
  • Type: string

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

OnlyAssociated
  • Type: string

Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated).

Result Syntax

[
    'Members' => [
        [
            'AccountId' => '<string>',
            'DetectorId' => '<string>',
            'Email' => '<string>',
            'InvitedAt' => '<string>',
            'MasterId' => '<string>',
            'RelationshipStatus' => '<string>',
            'UpdatedAt' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Members
  • Type: Array of Member structures

A list of members.

NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListOrganizationAdminAccounts

$result = $client->listOrganizationAdminAccounts([/* ... */]);
$promise = $client->listOrganizationAdminAccountsAsync([/* ... */]);

Lists the accounts configured as GuardDuty delegated administrators.

Parameter Syntax

$result = $client->listOrganizationAdminAccounts([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
  • Type: int

The maximum number of results to return in the response.

NextToken
  • Type: string

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Result Syntax

[
    'AdminAccounts' => [
        [
            'AdminAccountId' => '<string>',
            'AdminStatus' => 'ENABLED|DISABLE_IN_PROGRESS',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AdminAccounts
  • Type: Array of AdminAccount structures

A list of accounts configured as GuardDuty delegated administrators.

NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListPublishingDestinations

$result = $client->listPublishingDestinations([/* ... */]);
$promise = $client->listPublishingDestinationsAsync([/* ... */]);

Returns a list of publishing destinations associated with the specified detectorId.

Parameter Syntax

$result = $client->listPublishingDestinations([
    'DetectorId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector to retrieve publishing destinations for.

MaxResults
  • Type: int

The maximum number of results to return in the response.

NextToken
  • Type: string

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Result Syntax

[
    'Destinations' => [
        [
            'DestinationId' => '<string>',
            'DestinationType' => 'S3',
            'Status' => 'PENDING_VERIFICATION|PUBLISHING|UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY|STOPPED',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Destinations
  • Required: Yes
  • Type: Array of Destination structures

A Destinations object that includes information about each publishing destination returned.

NextToken
  • Type: string

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

Parameter Syntax

$result = $client->listTagsForResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ResourceArn
  • Required: Yes
  • Type: string

The Amazon Resource Name (ARN) for the given GuardDuty resource.

Result Syntax

[
    'Tags' => ['<string>', ...],
]

Result Details

Members
Tags
  • Type: Associative array of custom string keys (TagKey) to strings

The tags associated with the resource.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

ListThreatIntelSets

$result = $client->listThreatIntelSets([/* ... */]);
$promise = $client->listThreatIntelSetsAsync([/* ... */]);

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.

Parameter Syntax

$result = $client->listThreatIntelSets([
    'DetectorId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that the threatIntelSet is associated with.

MaxResults
  • Type: int

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

NextToken
  • Type: string

You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Result Syntax

[
    'NextToken' => '<string>',
    'ThreatIntelSetIds' => ['<string>', ...],
]

Result Details

Members
NextToken
  • Type: string

The pagination parameter to be used on the next list operation to retrieve more items.

ThreatIntelSetIds
  • Required: Yes
  • Type: Array of strings

The IDs of the ThreatIntelSet resources.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

StartMonitoringMembers

$result = $client->startMonitoringMembers([/* ... */]);
$promise = $client->startMonitoringMembersAsync([/* ... */]);

Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.

Parameter Syntax

$result = $client->startMonitoringMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of account IDs of the GuardDuty member accounts to start monitoring.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

StopMonitoringMembers

$result = $client->stopMonitoringMembers([/* ... */]);
$promise = $client->stopMonitoringMembersAsync([/* ... */]);

Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.

Parameter Syntax

$result = $client->stopMonitoringMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of account IDs for the member accounts to stop monitoring.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of objects that contain an accountId for each account that could not be processed, and a result string that indicates why the account was not processed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Adds tags to a resource.

Parameter Syntax

$result = $client->tagResource([
    'ResourceArn' => '<string>', // REQUIRED
    'Tags' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
ResourceArn
  • Required: Yes
  • Type: string

The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.

Tags
  • Required: Yes
  • Type: Associative array of custom string keys (TagKey) to strings

The tags to be added to a resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UnarchiveFindings

$result = $client->unarchiveFindings([/* ... */]);
$promise = $client->unarchiveFindingsAsync([/* ... */]);

Unarchives GuardDuty findings specified by the findingIds.

Parameter Syntax

$result = $client->unarchiveFindings([
    'DetectorId' => '<string>', // REQUIRED
    'FindingIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
DetectorId
  • Required: Yes
  • Type: string

The ID of the detector associated with the findings to unarchive.

FindingIds
  • Required: Yes
  • Type: Array of strings

The IDs of the findings to unarchive.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

Removes tags from a resource.

Parameter Syntax

$result = $client->untagResource([
    'ResourceArn' => '<string>', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
ResourceArn
  • Required: Yes
  • Type: string

The Amazon Resource Name (ARN) for the resource to remove tags from.

TagKeys
  • Required: Yes
  • Type: Array of strings

The tag keys to remove from the resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UpdateDetector

$result = $client->updateDetector([/* ... */]);
$promise = $client->updateDetectorAsync([/* ... */]);

Updates the Amazon GuardDuty detector specified by the detectorId.

Parameter Syntax

$result = $client->updateDetector([
    'DataSources' => [
        'Kubernetes' => [
            'AuditLogs' => [ // REQUIRED
                'Enable' => true || false, // REQUIRED
            ],
        ],
        'S3Logs' => [
            'Enable' => true || false, // REQUIRED
        ],
    ],
    'DetectorId' => '<string>', // REQUIRED
    'Enable' => true || false,
    'FindingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
]);

Parameter Details

Members
DataSources
  • Type: DataSourceConfigurations structure

Describes which data sources will be updated.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector to update.

Enable
  • Type: boolean

Specifies whether the detector is enabled or not enabled.

FindingPublishingFrequency
  • Type: string

An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UpdateFilter

$result = $client->updateFilter([/* ... */]);
$promise = $client->updateFilterAsync([/* ... */]);

Updates the filter specified by the filter name.

Parameter Syntax

$result = $client->updateFilter([
    'Action' => 'NOOP|ARCHIVE',
    'Description' => '<string>',
    'DetectorId' => '<string>', // REQUIRED
    'FilterName' => '<string>', // REQUIRED
    'FindingCriteria' => [
        'Criterion' => [
            '<String>' => [
                'Eq' => ['<string>', ...],
                'Equals' => ['<string>', ...],
                'GreaterThan' => <integer>,
                'GreaterThanOrEqual' => <integer>,
                'Gt' => <integer>,
                'Gte' => <integer>,
                'LessThan' => <integer>,
                'LessThanOrEqual' => <integer>,
                'Lt' => <integer>,
                'Lte' => <integer>,
                'Neq' => ['<string>', ...],
                'NotEquals' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'Rank' => <integer>,
]);

Parameter Details

Members
Action
  • Type: string

Specifies the action that is to be applied to the findings that match the filter.

Description
  • Type: string

The description of the filter.

DetectorId
  • Required: Yes
  • Type: string

The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.

FilterName
  • Required: Yes
  • Type: string

The name of the filter.

FindingCriteria
  • Type: FindingCriteria structure

Represents the criteria to be used in the filter for querying findings.

Rank
  • Type: int

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Result Syntax

[
    'Name' => '<string>',
]

Result Details

Members
Name
  • Required: Yes
  • Type: string

The name of the filter.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UpdateFindingsFeedback

$result = $client->updateFindingsFeedback([/* ... */]);
$promise = $client->updateFindingsFeedbackAsync([/* ... */]);

Marks the specified GuardDuty findings as useful or not useful.

Parameter Syntax

$result = $client->updateFindingsFeedback([
    'Comments' => '<string>',
    'DetectorId' => '<string>', // REQUIRED
    'Feedback' => 'USEFUL|NOT_USEFUL', // REQUIRED
    'FindingIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
Comments
  • Type: string

Additional feedback about the GuardDuty findings.

DetectorId
  • Required: Yes
  • Type: string

The ID of the detector associated with the findings to update feedback for.

Feedback
  • Required: Yes
  • Type: string

The feedback for the finding.

FindingIds
  • Required: Yes
  • Type: Array of strings

The IDs of the findings that you want to mark as useful or not useful.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UpdateIPSet

$result = $client->updateIPSet([/* ... */]);
$promise = $client->updateIPSetAsync([/* ... */]);

Updates the IPSet specified by the IPSet ID.

Parameter Syntax

$result = $client->updateIPSet([
    'Activate' => true || false,
    'DetectorId' => '<string>', // REQUIRED
    'IpSetId' => '<string>', // REQUIRED
    'Location' => '<string>',
    'Name' => '<string>',
]);

Parameter Details

Members
Activate
  • Type: boolean

The updated Boolean value that specifies whether the IPSet is active or not.

DetectorId
  • Required: Yes
  • Type: string

The detectorID that specifies the GuardDuty service whose IPSet you want to update.

IpSetId
  • Required: Yes
  • Type: string

The unique ID that specifies the IPSet that you want to update.

Location
  • Type: string

The updated URI of the file that contains the IPSet.

Name
  • Type: string

The unique ID that specifies the IPSet that you want to update.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UpdateMemberDetectors

$result = $client->updateMemberDetectors([/* ... */]);
$promise = $client->updateMemberDetectorsAsync([/* ... */]);

Contains information on member accounts to be updated.

Parameter Syntax

$result = $client->updateMemberDetectors([
    'AccountIds' => ['<string>', ...], // REQUIRED
    'DataSources' => [
        'Kubernetes' => [
            'AuditLogs' => [ // REQUIRED
                'Enable' => true || false, // REQUIRED
            ],
        ],
        'S3Logs' => [
            'Enable' => true || false, // REQUIRED
        ],
    ],
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountIds
  • Required: Yes
  • Type: Array of strings

A list of member account IDs to be updated.

DataSources
  • Type: DataSourceConfigurations structure

Describes which data sources will be updated.

DetectorId
  • Required: Yes
  • Type: string

The detector ID of the administrator account.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'Result' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
  • Required: Yes
  • Type: Array of UnprocessedAccount structures

A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.
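The member operations on this page that return UnprocessedAccounts (such as StartMonitoringMembers, StopMonitoringMembers and UpdateMemberDetectors) can complete without an exception while some accounts were not changed. The added example below (not part of the SDK documentation) separates processed from unprocessed accounts and fails closed; the function names, account IDs, detector ID placeholder and the Result text in the stub are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Call a batch member operation and report which requested accounts were
 * processed and which came back in UnprocessedAccounts.
 *
 * $operation is any callable shaped like $client->updateMemberDetectors()
 * or $client->startMonitoringMembers().
 */
function runMemberBatch(callable $operation, array $params): array
{
    $requested = array_values(array_unique($params['AccountIds']));
    $result = $operation($params);

    // Keep account IDs as values, not array keys: PHP casts all-digit string
    // keys to integers, which would change their type in the report.
    $unprocessed = [];
    foreach ($result['UnprocessedAccounts'] ?? [] as $entry) {
        $unprocessed[] = [
            'AccountId' => (string) $entry['AccountId'],
            'Result'    => (string) $entry['Result'],
        ];
    }

    $failedIds = array_column($unprocessed, 'AccountId');
    return [
        'processed'   => array_values(array_diff($requested, $failedIds)),
        'unprocessed' => $unprocessed,
    ];
}

/** Throw unless every requested account was processed. */
function requireFullCoverage(array $report): void
{
    if ($report['unprocessed'] === []) {
        return;
    }
    $lines = array_map(
        fn (array $u): string => $u['AccountId'] . ': ' . $u['Result'],
        $report['unprocessed']
    );
    throw new RuntimeException("Accounts not processed:\n" . implode("\n", $lines));
}

// Constructed stand-in for the service: one of two accounts is rejected.
$stub = fn (array $params): array => [
    'UnprocessedAccounts' => [
        ['AccountId' => '222222222222', 'Result' => 'constructed reason text'],
    ],
];

$report = runMemberBatch($stub, [
    'AccountIds'  => ['111111111111', '222222222222'],
    'DataSources' => ['S3Logs' => ['Enable' => true]],
    'DetectorId'  => 'detector-id-placeholder',
]);

echo 'processed: ', implode(', ', $report['processed']), "\n";
try {
    requireFullCoverage($report);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
}

// Against the real service (requires the SDK and credentials):
// $report = runMemberBatch(fn (array $p) => $client->updateMemberDetectors($p), $params);
```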

UpdateOrganizationConfiguration

$result = $client->updateOrganizationConfiguration([/* ... */]);
$promise = $client->updateOrganizationConfigurationAsync([/* ... */]);

Updates the delegated administrator account with the values provided.

Parameter Syntax

$result = $client->updateOrganizationConfiguration([
    'AutoEnable' => true || false, // REQUIRED
    'DataSources' => [
        'Kubernetes' => [
            'AuditLogs' => [ // REQUIRED
                'AutoEnable' => true || false, // REQUIRED
            ],
        ],
        'S3Logs' => [
            'AutoEnable' => true || false, // REQUIRED
        ],
    ],
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AutoEnable
  • Required: Yes
  • Type: boolean

Indicates whether to automatically enable member accounts in the organization.

DataSources
  • Type: OrganizationDataSourceConfigurations structure

Describes which data sources will be updated.

DetectorId
  • Required: Yes
  • Type: string

The ID of the detector to update the delegated administrator for.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UpdatePublishingDestination

$result = $client->updatePublishingDestination([/* ... */]);
$promise = $client->updatePublishingDestinationAsync([/* ... */]);

Updates information about the publishing destination specified by the destinationId.

Parameter Syntax

$result = $client->updatePublishingDestination([
    'DestinationId' => '<string>', // REQUIRED
    'DestinationProperties' => [
        'DestinationArn' => '<string>',
        'KmsKeyArn' => '<string>',
    ],
    'DetectorId' => '<string>', // REQUIRED
]);

Parameter Details

Members
DestinationId
  • Required: Yes
  • Type: string

The ID of the publishing destination to update.

DestinationProperties
  • Type: DestinationProperties structure

A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

DetectorId
  • Required: Yes
  • Type: string

The ID of the detector associated with the publishing destinations to update.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

UpdateThreatIntelSet

$result = $client->updateThreatIntelSet([/* ... */]);
$promise = $client->updateThreatIntelSetAsync([/* ... */]);

Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

Parameter Syntax

$result = $client->updateThreatIntelSet([
    'Activate' => true || false,
    'DetectorId' => '<string>', // REQUIRED
    'Location' => '<string>',
    'Name' => '<string>',
    'ThreatIntelSetId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Activate
  • Type: boolean

The updated Boolean value that specifies whether the ThreatIntelSet is active or not.

DetectorId
  • Required: Yes
  • Type: string

The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.

Location
  • Type: string

The updated URI of the file that contains the ThreatIntelSet.

Name
  • Type: string

The unique ID that specifies the ThreatIntelSet that you want to update.

ThreatIntelSetId
  • Required: Yes
  • Type: string

The unique ID that specifies the ThreatIntelSet that you want to update.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

  • BadRequestException:

    A bad request exception object.

  • InternalServerErrorException:

    An internal server error exception object.

Shapes

AccessControlList

Description

Contains information on the current access control policies for the bucket.

Members
AllowsPublicReadAccess
  • Type: boolean

A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL).

AllowsPublicWriteAccess
  • Type: boolean

A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL).

AccessKeyDetails

Description

Contains information about the access keys.

Members
AccessKeyId
  • Type: string

The access key ID of the user.

PrincipalId
  • Type: string

The principal ID of the user.

UserName
  • Type: string

The name of the user.

UserType
  • Type: string

The type of the user.

AccountDetail

Description

Contains information about the account.

Members
AccountId
  • Required: Yes
  • Type: string

The member account ID.

Email
  • Required: Yes
  • Type: string

The email address of the member account.

AccountLevelPermissions

Description

Contains information about the account level permissions on the S3 bucket.

Members
BlockPublicAccess
  • Type: BlockPublicAccess structure

Describes the S3 Block Public Access settings of the bucket's parent account.

Action

Description

Contains information about actions.

Members
ActionType
  • Type: string

The GuardDuty finding activity type.

AwsApiCallAction
  • Type: AwsApiCallAction structure

Information about the AWS_API_CALL action described in this finding.

DnsRequestAction
  • Type: DnsRequestAction structure

Information about the DNS_REQUEST action described in this finding.

KubernetesApiCallAction
  • Type: KubernetesApiCallAction structure

Information about the Kubernetes API call action described in this finding.

NetworkConnectionAction
  • Type: NetworkConnectionAction structure

Information about the NETWORK_CONNECTION action described in this finding.

PortProbeAction
  • Type: PortProbeAction structure

Information about the PORT_PROBE action described in this finding.

AdminAccount

Description

The account within the organization specified as the GuardDuty delegated administrator.

Members
AdminAccountId
  • Type: string

The Amazon Web Services account ID for the account.

AdminStatus
  • Type: string

Indicates whether the account is enabled as the delegated administrator.

AwsApiCallAction

Description

Contains information about the API action.

Members
Api
  • Type: string

The Amazon Web Services API name.

CallerType
  • Type: string

The Amazon Web Services API caller type.

DomainDetails
  • Type: DomainDetails structure

The domain information for the Amazon Web Services API call.

ErrorCode
  • Type: string

The error code of the failed Amazon Web Services API action.

RemoteAccountDetails
  • Type: RemoteAccountDetails structure

The details of the Amazon Web Services account that made the API call. This field appears if the call was made from outside your account.

RemoteIpDetails
  • Type: RemoteIpDetails structure

The remote IP information of the connection that initiated the Amazon Web Services API call.

ServiceName
  • Type: string

The Amazon Web Services service name whose API was invoked.

UserAgent
  • Type: string

The agent through which the API request was made.

BadRequestException

Description

A bad request exception object.

Members
Message
  • Type: string

The error message.

Type
  • Type: string

The error type.

BlockPublicAccess

Description

Contains information on how the bucket owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.

Members
BlockPublicAcls
  • Type: boolean

Indicates if S3 Block Public Access is set to BlockPublicAcls.

BlockPublicPolicy
  • Type: boolean

Indicates if S3 Block Public Access is set to BlockPublicPolicy.

IgnorePublicAcls
  • Type: boolean

Indicates if S3 Block Public Access is set to IgnorePublicAcls.

RestrictPublicBuckets
  • Type: boolean

Indicates if S3 Block Public Access is set to RestrictPublicBuckets.

BucketLevelPermissions

Description

Contains information about the bucket level permissions for the S3 bucket.

Members
AccessControlList
  • Type: AccessControlList structure

Contains information on how Access Control Policies are applied to the bucket.

BlockPublicAccess
  • Type: BlockPublicAccess structure

Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket.

BucketPolicy
  • Type: BucketPolicy structure

Contains information on the bucket policies for the S3 bucket.

BucketPolicy

Description

Contains information on the current bucket policies for the S3 bucket.

Members
AllowsPublicReadAccess
  • Type: boolean

A value that indicates whether public read access for the bucket is enabled through a bucket policy.

AllowsPublicWriteAccess
  • Type: boolean

A value that indicates whether public write access for the bucket is enabled through a bucket policy.

City

Description

Contains information about the city associated with the IP address.

Members
CityName
  • Type: string

The city name of the remote IP address.

CloudTrailConfigurationResult

Description

Contains information on the status of CloudTrail as a data source for the detector.

Members
Status
  • Required: Yes
  • Type: string

Describes whether CloudTrail is enabled as a data source for the detector.

Condition

Description

Contains information about the condition.

Members
Eq
  • Type: Array of strings

Represents the equal condition to be applied to a single field when querying for findings.

Equals
  • Type: Array of strings

Represents an equal condition to be applied to a single field when querying for findings.

GreaterThan
  • Type: long (int|float)

Represents a greater than condition to be applied to a single field when querying for findings.

GreaterThanOrEqual
  • Type: long (int|float)

Represents a greater than or equal condition to be applied to a single field when querying for findings.

Gt
  • Type: int

Represents a greater than condition to be applied to a single field when querying for findings.

Gte
  • Type: int

Represents a greater than or equal condition to be applied to a single field when querying for findings.

LessThan
  • Type: long (int|float)

Represents a less than condition to be applied to a single field when querying for findings.

LessThanOrEqual
  • Type: long (int|float)

Represents a less than or equal condition to be applied to a single field when querying for findings.

Lt
  • Type: int

Represents a less than condition to be applied to a single field when querying for findings.

Lte
  • Type: int

Represents a less than or equal condition to be applied to a single field when querying for findings.

Neq
  • Type: Array of strings

Represents the not equal condition to be applied to a single field when querying for findings.

NotEquals
  • Type: Array of strings

Represents a not equal condition to be applied to a single field when querying for findings.

Container

Description

Details of a container.

Members
ContainerRuntime
  • Type: string

The container runtime (such as Docker or containerd) used to run the container.

Id
  • Type: string

Container ID.

Image
  • Type: string

Container image.

ImagePrefix
  • Type: string

Part of the image name before the last slash. For example, imagePrefix for public.ecr.aws/amazonlinux/amazonlinux:latest would be public.ecr.aws/amazonlinux. If the image name is relative and does not have a slash, this field is empty.

Name
  • Type: string

Container name.

SecurityContext
  • Type: SecurityContext structure

Container security context.

VolumeMounts
  • Type: Array of VolumeMount structures

Container volume mounts.

Country

Description

Contains information about the country where the remote IP address is located.

Members
CountryCode
  • Type: string

The country code of the remote IP address.

CountryName
  • Type: string

The country name of the remote IP address.

DNSLogsConfigurationResult

Description

Contains information on the status of DNS logs as a data source.

Members
Status
  • Required: Yes
  • Type: string

Denotes whether DNS logs are enabled as a data source.

DataSourceConfigurations

Description

Contains information about which data sources are enabled.

Members
Kubernetes
  • Type: KubernetesConfiguration structure

Describes whether any Kubernetes logs are enabled as data sources.

S3Logs
  • Type: S3LogsConfiguration structure

Describes whether S3 data event logs are enabled as a data source.

DataSourceConfigurationsResult

Description

Contains information on the status of data sources for the detector.

Members
CloudTrail
  • Required: Yes
  • Type: CloudTrailConfigurationResult structure

An object that contains information on the status of CloudTrail as a data source.

DNSLogs
  • Required: Yes
  • Type: DNSLogsConfigurationResult structure

An object that contains information on the status of DNS logs as a data source.

FlowLogs
  • Required: Yes
  • Type: FlowLogsConfigurationResult structure

An object that contains information on the status of VPC flow logs as a data source.

Kubernetes
  • Type: KubernetesConfigurationResult structure

An object that contains information on the status of all Kubernetes data sources.

S3Logs
  • Required: Yes
  • Type: S3LogsConfigurationResult structure

An object that contains information on the status of S3 data event logs as a data source.

DefaultServerSideEncryption

Description

Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.

Members
EncryptionType
  • Type: string

The type of encryption used for objects within the S3 bucket.

KmsMasterKeyArn
  • Type: string

The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the bucket EncryptionType is aws:kms.

Destination

Description

Contains information about the publishing destination, including the ID, type, and status.

Members
DestinationId
  • Required: Yes
  • Type: string

The unique ID of the publishing destination.

DestinationType
  • Required: Yes
  • Type: string

The type of resource used for the publishing destination. Currently, only Amazon S3 buckets are supported.

Status
  • Required: Yes
  • Type: string

The status of the publishing destination.

DestinationProperties

Description

Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.

Members
DestinationArn
  • Type: string

The ARN of the resource to publish to.

To specify an S3 bucket folder use the following format: arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/

KmsKeyArn
  • Type: string

The ARN of the KMS key to use for encryption.

DnsRequestAction

Description

Contains information about the DNS_REQUEST action described in this finding.

Members
Domain
  • Type: string

The domain information for the API request.

DomainDetails

Description

Contains information about the domain.

Members
Domain
  • Type: string

The domain information for the Amazon Web Services API call.

EksClusterDetails

Description

Details about the EKS cluster involved in a Kubernetes finding.

Members
Arn
  • Type: string

EKS cluster ARN.

CreatedAt
  • Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp when the EKS cluster was created.

Name
  • Type: string

EKS cluster name.

Status
  • Type: string

The EKS cluster status.

Tags
  • Type: Array of Tag structures

The EKS cluster tags.

VpcId
  • Type: string

The VPC ID to which the EKS cluster is attached.

Evidence

Description

Contains information about the reason that the finding was generated.

Members
ThreatIntelligenceDetails
  • Type: Array of ThreatIntelligenceDetail structures

A list of threat intelligence details related to the evidence.

Finding

Description

Contains information about the finding, which is generated when abnormal or suspicious activity is detected.

Members
AccountId
  • Required: Yes
  • Type: string

The ID of the account in which the finding was generated.

Arn
  • Required: Yes
  • Type: string

The ARN of the finding.

Confidence
  • Type: double

The confidence score for the finding.

CreatedAt
  • Required: Yes
  • Type: string

The time and date when the finding was created.

Description
  • Type: string

The description of the finding.

Id
  • Required: Yes
  • Type: string

The ID of the finding.

Partition
  • Type: string

The partition associated with the finding.

Region
  • Required: Yes
  • Type: string

The Region where the finding was generated.

Resource
  • Required: Yes
  • Type: Resource structure

Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding.

SchemaVersion
  • Required: Yes
  • Type: string

The version of the schema used for the finding.

Service
  • Type: Service structure

Contains additional information about the generated finding.

Severity
  • Required: Yes
  • Type: double

The severity of the finding.

Title
  • Type: string

The title of the finding.

Type
  • Required: Yes
  • Type: string

The type of finding.

UpdatedAt
  • Required: Yes
  • Type: string

The time and date when the finding was last updated.

FindingCriteria

Description

Contains information about the criteria used for querying findings.

Members
Criterion
  • Type: Associative array of custom strings keys (String) to Condition structures

Represents a map of finding properties that match specified conditions and values when querying findings.
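An added example (not part of the SDK documentation) that checks a Criterion map against the operators and value types of the Condition shape before it is sent, then pages through ListFindings. The helper names and sample criteria are constructed; the attribute names `severity`, `service.archived` and `type` are those documented for ListFindings.

```php
<?php
// Added example, not SDK or AWS code. Helper names and sample criteria are
// constructed for illustration.

use Aws\GuardDuty\GuardDutyClient;

// Operators of the Condition shape, grouped by the value type documented for each.
const STRING_LIST_OPS = ['Eq', 'Equals', 'Neq', 'NotEquals'];
const INT_OPS = ['Gt', 'Gte', 'Lt', 'Lte'];
const LONG_OPS = ['GreaterThan', 'GreaterThanOrEqual', 'LessThan', 'LessThanOrEqual'];

/**
 * Return a list of problems in a Criterion map (field name => Condition).
 * An empty list means every operator is known and every value has the
 * documented type.
 */
function validateCriterion(array $criterion): array
{
    $errors = [];
    foreach ($criterion as $field => $condition) {
        if (!is_string($field) || $field === '' || !is_array($condition) || $condition === []) {
            $errors[] = sprintf("Entry '%s' must map a field name to a non-empty Condition.", $field);
            continue;
        }
        foreach ($condition as $op => $value) {
            if (in_array($op, STRING_LIST_OPS, true)) {
                // Must be a non-empty array in which every element is a string.
                $ok = is_array($value) && $value !== []
                    && array_filter($value, 'is_string') === $value;
            } elseif (in_array($op, INT_OPS, true)) {
                $ok = is_int($value);
            } elseif (in_array($op, LONG_OPS, true)) {
                $ok = is_int($value) || is_float($value);
            } else {
                $errors[] = sprintf("%s: operator '%s' is not part of the Condition shape.", $field, $op);
                continue;
            }
            if (!$ok) {
                $errors[] = sprintf('%s.%s: value has the wrong type.', $field, $op);
            }
        }
    }
    return $errors;
}

/**
 * Collect every finding ID that matches the criterion, following NextToken.
 * Needs the AWS SDK for PHP and credentials; not called in the offline run below.
 */
function listFindingIds(GuardDutyClient $client, string $detectorId, array $criterion): array
{
    $errors = validateCriterion($criterion);
    if ($errors !== []) {
        throw new InvalidArgumentException(implode(' ', $errors));
    }

    $params = [
        'DetectorId' => $detectorId,
        'FindingCriteria' => ['Criterion' => $criterion],
    ];
    $ids = [];
    $token = null;
    do {
        $page = $client->listFindings(
            $token === null ? $params : $params + ['NextToken' => $token]
        );
        $ids = array_merge($ids, $page['FindingIds'] ?? []);
        $token = $page['NextToken'] ?? null;
    } while ($token !== null && $token !== '');

    return $ids;
}

// Offline run on constructed criteria.
$valid = [
    'severity' => ['Gte' => 7],
    'service.archived' => ['Eq' => ['false']],
];
$invalid = [
    'severity' => ['Gte' => '7'],            // string where an int is documented
    'service.archived' => ['Eq' => false],   // boolean where an array of strings is documented
    'type' => ['StartsWith' => ['Recon']],   // operator that the Condition shape does not define
];

print_r(validateCriterion($valid));   // empty list
print_r(validateCriterion($invalid)); // one message per problem
```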

FindingStatistics

Description

Contains information about finding statistics.

Members
CountBySeverity
  • Type: Associative array of custom strings keys (String) to ints

Represents a map of severity to count statistics for a set of findings.

FlowLogsConfigurationResult

Description

Contains information on the status of VPC flow logs as a data source.

Members
Status
  • Required: Yes
  • Type: string

Denotes whether VPC flow logs are enabled as a data source.

GeoLocation

Description

Contains information about the location of the remote IP address.

Members
Lat
  • Type: double

The latitude information of the remote IP address.

Lon
  • Type: double

The longitude information of the remote IP address.

HostPath

Description

Represents a pre-existing file or directory on the host machine that the volume maps to.

Members
Path
  • Type: string

Path of the file or directory on the host that the volume maps to.

IamInstanceProfile

Description

Contains information about the EC2 instance profile.

Members
Arn
  • Type: string

The profile ARN of the EC2 instance.

Id
  • Type: string

The profile ID of the EC2 instance.

InstanceDetails

Description

Contains information about the details of an instance.

Members
AvailabilityZone
  • Type: string

The Availability Zone of the EC2 instance.

IamInstanceProfile
  • Type: IamInstanceProfile structure

The profile information of the EC2 instance.

ImageDescription
  • Type: string

The image description of the EC2 instance.

ImageId
  • Type: string

The image ID of the EC2 instance.

InstanceId
  • Type: string

The ID of the EC2 instance.

InstanceState
  • Type: string

The state of the EC2 instance.

InstanceType
  • Type: string

The type of the EC2 instance.

LaunchTime
  • Type: string

The launch time of the EC2 instance.

NetworkInterfaces
  • Type: Array of NetworkInterface structures

The elastic network interface information of the EC2 instance.

OutpostArn
  • Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only applicable to Amazon Web Services Outposts instances.

Platform
  • Type: string

The platform of the EC2 instance.

ProductCodes
  • Type: Array of ProductCode structures

The product code of the EC2 instance.

Tags
  • Type: Array of Tag structures

The tags of the EC2 instance.

InternalServerErrorException

Description

An internal server error exception object.

Members
Message
  • Type: string

The error message.

Type
  • Type: string

The error type.

Invitation

Description

Contains information about the invitation to become a member account.

Members
AccountId
  • Type: string

The ID of the account that the invitation was sent from.

InvitationId
  • Type: string

The ID of the invitation. This value is used to validate the inviter account to the member account.

InvitedAt
  • Type: string

The timestamp when the invitation was sent.

RelationshipStatus
  • Type: string

The status of the relationship between the inviter and invitee accounts.

KubernetesApiCallAction

Description

Information about the Kubernetes API call action described in this finding.

Members
Parameters
  • Type: string

Parameters related to the Kubernetes API call action.

RemoteIpDetails
  • Type: RemoteIpDetails structure

Contains information about the remote IP address of the connection.

RequestUri
  • Type: string

The Kubernetes API request URI.

SourceIps
  • Type: Array of strings

The IP of the Kubernetes API caller and the IPs of any proxies or load balancers between the caller and the API endpoint.

StatusCode
  • Type: int

The resulting HTTP response code of the Kubernetes API call action.

UserAgent
  • Type: string

The user agent of the caller of the Kubernetes API.

Verb
  • Type: string

The Kubernetes API request HTTP verb.

KubernetesAuditLogsConfiguration

Description

Describes whether Kubernetes audit logs are enabled as a data source.

Members
Enable
  • Required: Yes
  • Type: boolean

The status of Kubernetes audit logs as a data source.

KubernetesAuditLogsConfigurationResult

Description

Describes whether Kubernetes audit logs are enabled as a data source.

Members
Status
  • Required: Yes
  • Type: string

A value that describes whether Kubernetes audit logs are enabled as a data source.

KubernetesConfiguration

Description

Describes whether any Kubernetes data sources are enabled.

Members
AuditLogs
  • Required: Yes
  • Type: KubernetesAuditLogsConfiguration structure

The status of Kubernetes audit logs as a data source.

KubernetesConfigurationResult

Description

Describes whether any Kubernetes logs will be enabled as a data source.

Members
AuditLogs
  • Required: Yes
  • Type: KubernetesAuditLogsConfigurationResult structure

Describes whether Kubernetes audit logs are enabled as a data source.

KubernetesDetails

Description

Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding.

Members
KubernetesUserDetails
  • Type: KubernetesUserDetails structure

Details about the Kubernetes user involved in a Kubernetes finding.

KubernetesWorkloadDetails
  • Type: KubernetesWorkloadDetails structure

Details about the Kubernetes workload involved in a Kubernetes finding.

KubernetesUserDetails

Description

Details about the Kubernetes user involved in a Kubernetes finding.

Members
Groups
  • Type: Array of strings

The groups that include the user who called the Kubernetes API.

Uid
  • Type: string

The user ID of the user who called the Kubernetes API.

Username
  • Type: string

The username of the user who called the Kubernetes API.

KubernetesWorkloadDetails

Description

Details about the Kubernetes workload involved in a Kubernetes finding.

Members
Containers
  • Type: Array of Container structures

Containers running as part of the Kubernetes workload.

HostNetwork
  • Type: boolean

Whether the hostNetwork flag is enabled for the pods included in the workload.

Name
  • Type: string

Kubernetes workload name.

Namespace
  • Type: string

Kubernetes namespace that the workload is part of.

Type
  • Type: string

Kubernetes workload type (e.g. Pod, Deployment, etc.).

Uid
  • Type: string

Kubernetes workload ID.

Volumes
  • Type: Array of Volume structures

Volumes used by the Kubernetes workload.

LocalIpDetails

Description

Contains information about the local IP address of the connection.

Members
IpAddressV4
  • Type: string

The IPv4 local address of the connection.

LocalPortDetails

Description

Contains information about the port for the local connection.

Members
Port
  • Type: int

The port number of the local connection.

PortName
  • Type: string

The port name of the local connection.

Master

Description

Contains information about the administrator account and invitation.

Members
AccountId
  • Type: string

The ID of the account used as the administrator account.

InvitationId
  • Type: string

The value used to validate the administrator account to the member account.

InvitedAt
  • Type: string

The timestamp when the invitation was sent.

RelationshipStatus
  • Type: string

The status of the relationship between the administrator and member accounts.

Member

Description

Contains information about the member account.

Members
AccountId
  • Required: Yes
  • Type: string

The ID of the member account.

DetectorId
  • Type: string

The detector ID of the member account.

Email
  • Required: Yes
  • Type: string

The email address of the member account.

InvitedAt
  • Type: string

The timestamp when the invitation was sent.

MasterId
  • Required: Yes
  • Type: string

The administrator account ID.

RelationshipStatus
  • Required: Yes
  • Type: string

The status of the relationship between the member and the administrator.

UpdatedAt
  • Required: Yes
  • Type: string

The last-updated timestamp of the member.

MemberDataSourceConfiguration

Description

Contains information on which data sources are enabled for a member account.

Members
AccountId
  • Required: Yes
  • Type: string

The account ID for the member account.

DataSources
  • Required: Yes
  • Type: DataSourceConfigurationsResult structure

Contains information on the status of data sources for the account.

NetworkConnectionAction

Description

Contains information about the NETWORK_CONNECTION action described in the finding.

Members
Blocked
  • Type: boolean

Indicates whether EC2 blocked the network connection to your instance.

ConnectionDirection
  • Type: string

The network connection direction.

LocalIpDetails
  • Type: LocalIpDetails structure

The local IP information of the connection.

LocalPortDetails
  • Type: LocalPortDetails structure

The local port information of the connection.

Protocol
  • Type: string

The network connection protocol.

RemoteIpDetails
  • Type: RemoteIpDetails structure

The remote IP information of the connection.

RemotePortDetails
  • Type: RemotePortDetails structure

The remote port information of the connection.

NetworkInterface

Description

Contains information about the elastic network interface of the EC2 instance.

Members
Ipv6Addresses
  • Type: Array of strings

A list of IPv6 addresses for the EC2 instance.

NetworkInterfaceId
  • Type: string

The ID of the network interface.

PrivateDnsName
  • Type: string

The private DNS name of the EC2 instance.

PrivateIpAddress
  • Type: string

The private IP address of the EC2 instance.

PrivateIpAddresses
  • Type: Array of PrivateIpAddressDetails structures

Other private IP address information of the EC2 instance.

PublicDnsName
  • Type: string

The public DNS name of the EC2 instance.

PublicIp
  • Type: string

The public IP address of the EC2 instance.

SecurityGroups
  • Type: Array of SecurityGroup structures

The security groups associated with the EC2 instance.

SubnetId
  • Type: string

The subnet ID of the EC2 instance.

VpcId
  • Type: string

The VPC ID of the EC2 instance.

Organization

Description

Contains information about the ISP organization of the remote IP address.

Members
Asn
  • Type: string

The Autonomous System Number (ASN) of the internet provider of the remote IP address.

AsnOrg
  • Type: string

The organization that registered this ASN.

Isp
  • Type: string

The ISP information for the internet provider.

Org
  • Type: string

The name of the internet provider.

OrganizationDataSourceConfigurations

Description

An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.

Members
Kubernetes
  • Type: OrganizationKubernetesConfiguration structure

Describes the configuration of Kubernetes data sources for new members of the organization.

S3Logs
  • Type: OrganizationS3LogsConfiguration structure

Describes whether S3 data event logs are enabled for new members of the organization.

OrganizationDataSourceConfigurationsResult

Description

An object that contains information on which data sources are automatically enabled for new members within the organization.

Members
Kubernetes
  • Type: OrganizationKubernetesConfigurationResult structure

Describes the configuration of Kubernetes data sources.

S3Logs
  • Required: Yes
  • Type: OrganizationS3LogsConfigurationResult structure

Describes whether S3 data event logs are enabled as a data source.

OrganizationKubernetesAuditLogsConfiguration

Description

Organization-wide Kubernetes audit logs configuration.

Members
AutoEnable
  • Required: Yes
  • Type: boolean

A value that contains information on whether Kubernetes audit logs should be enabled automatically as a data source for the organization.

OrganizationKubernetesAuditLogsConfigurationResult

Description

The current configuration of Kubernetes audit logs as a data source for the organization.

Members
AutoEnable
  • Required: Yes
  • Type: boolean

Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.

OrganizationKubernetesConfiguration

Description

Organization-wide Kubernetes data sources configurations.

Members
AuditLogs
  • Required: Yes
  • Type: OrganizationKubernetesAuditLogsConfiguration structure

Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.

OrganizationKubernetesConfigurationResult

Description

The current configuration of all Kubernetes data sources for the organization.

Members
AuditLogs
  • Required: Yes
  • Type: OrganizationKubernetesAuditLogsConfigurationResult structure

The current configuration of Kubernetes audit logs as a data source for the organization.

OrganizationS3LogsConfiguration

Description

Describes whether S3 data event logs will be automatically enabled for new members of the organization.

Members
AutoEnable
  • Required: Yes
  • Type: boolean

A value that contains information on whether S3 data event logs will be enabled automatically as a data source for the organization.

OrganizationS3LogsConfigurationResult

Description

The current configuration of S3 data event logs as a data source for the organization.

Members
AutoEnable
  • Required: Yes
  • Type: boolean

A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

Owner

Description

Contains information on the owner of the bucket.

Members
Id
  • Type: string

The canonical user ID of the bucket owner. For information about locating your canonical user ID, see Finding Your Account Canonical User ID.

PermissionConfiguration

Description

Contains information about how permissions are configured for the S3 bucket.

Members
AccountLevelPermissions
  • Type: AccountLevelPermissions structure

Contains information about the account level permissions on the S3 bucket.

BucketLevelPermissions
  • Type: BucketLevelPermissions structure

Contains information about the bucket level permissions for the S3 bucket.

PortProbeAction

Description

Contains information about the PORT_PROBE action described in the finding.

Members
Blocked
  • Type: boolean

Indicates whether EC2 blocked the port probe to the instance, such as with an ACL.

PortProbeDetails
  • Type: Array of PortProbeDetail structures

A list of objects related to port probe details.

PortProbeDetail

Description

Contains information about the port probe details.

Members
LocalIpDetails
  • Type: LocalIpDetails structure

The local IP information of the connection.

LocalPortDetails
  • Type: LocalPortDetails structure

The local port information of the connection.

RemoteIpDetails
  • Type: RemoteIpDetails structure

The remote IP information of the connection.

PrivateIpAddressDetails

Description

Contains other private IP address information of the EC2 instance.

Members
PrivateDnsName
  • Type: string

The private DNS name of the EC2 instance.

PrivateIpAddress
  • Type: string

The private IP address of the EC2 instance.

ProductCode

Description

Contains information about the product code for the EC2 instance.

Members
Code
  • Type: string

The product code information.

ProductType
  • Type: string

The product code type.

PublicAccess

Description

Describes the public access policies that apply to the S3 bucket.

Members
EffectivePermission
  • Type: string

Describes the effective permission on this bucket after factoring all attached policies.

PermissionConfiguration
  • Type: PermissionConfiguration structure

Contains information about how permissions are configured for the S3 bucket.
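An added example (not part of the SDK documentation) that walks a finding's Resource, S3BucketDetails, PublicAccess and PermissionConfiguration members and lists, per bucket, which ACL, bucket policy and Block Public Access settings leave it exposed. The helper names and the sample finding, including its ID, type, severity and permission values, are constructed for illustration.

```php
<?php
// Added example, not SDK or AWS code. Helper names and the sample finding are
// constructed for illustration.

// Members of the BlockPublicAccess shape.
const BPA_SETTINGS = ['BlockPublicAcls', 'BlockPublicPolicy', 'IgnorePublicAcls', 'RestrictPublicBuckets'];

/**
 * Return human-readable observations about one S3BucketDetail entry:
 * public grants through the ACL or bucket policy, and Block Public Access
 * settings that are off or missing at bucket and account level.
 */
function s3ExposureObservations(array $bucket): array
{
    $notes = [];
    $config = $bucket['PublicAccess']['PermissionConfiguration'] ?? [];
    $bucketLevel = $config['BucketLevelPermissions'] ?? [];
    $accountLevel = $config['AccountLevelPermissions'] ?? [];

    $grants = [
        'ACL' => $bucketLevel['AccessControlList'] ?? [],
        'bucket policy' => $bucketLevel['BucketPolicy'] ?? [],
    ];
    foreach ($grants as $source => $grant) {
        foreach (['Read', 'Write'] as $mode) {
            if (($grant["AllowsPublic{$mode}Access"] ?? false) === true) {
                $notes[] = sprintf('%s allows public %s access', $source, strtolower($mode));
            }
        }
    }

    $bpaLevels = [
        'bucket' => $bucketLevel['BlockPublicAccess'] ?? null,
        'account' => $accountLevel['BlockPublicAccess'] ?? null,
    ];
    foreach ($bpaLevels as $level => $bpa) {
        if ($bpa === null) {
            $notes[] = sprintf('no %s-level Block Public Access data in the finding', $level);
            continue;
        }
        foreach (BPA_SETTINGS as $setting) {
            // A missing member is reported like a disabled one.
            if (($bpa[$setting] ?? false) !== true) {
                $notes[] = sprintf('%s-level %s is off', $level, $setting);
            }
        }
    }
    return $notes;
}

/** Summarize the S3 exposure of every bucket attached to a Finding. */
function triageS3Finding(array $finding): array
{
    $buckets = [];
    foreach ($finding['Resource']['S3BucketDetails'] ?? [] as $bucket) {
        $name = $bucket['Name'] ?? ($bucket['Arn'] ?? 'unknown');
        $buckets[$name] = [
            'EffectivePermission' => $bucket['PublicAccess']['EffectivePermission'] ?? 'unknown',
            'Observations' => s3ExposureObservations($bucket),
        ];
    }
    return [
        'FindingId' => $finding['Id'] ?? null,
        'Type' => $finding['Type'] ?? null,
        'Severity' => $finding['Severity'] ?? null,
        'Buckets' => $buckets,
    ];
}

// Constructed finding that follows the Finding, Resource and S3BucketDetail shapes.
$sampleFinding = [
    'Id' => 'constructed-finding-id',
    'Type' => 'Policy:S3/BucketPublicAccessGranted',
    'Severity' => 8.0,
    'Resource' => [
        'ResourceType' => 'S3Bucket',
        'S3BucketDetails' => [[
            'Arn' => 'arn:aws:s3:::DOC-EXAMPLE-BUCKET',
            'Name' => 'DOC-EXAMPLE-BUCKET',
            'PublicAccess' => [
                'EffectivePermission' => 'PUBLIC',
                'PermissionConfiguration' => [
                    'BucketLevelPermissions' => [
                        'AccessControlList' => ['AllowsPublicReadAccess' => false, 'AllowsPublicWriteAccess' => false],
                        'BucketPolicy' => ['AllowsPublicReadAccess' => true, 'AllowsPublicWriteAccess' => false],
                        'BlockPublicAccess' => [
                            'BlockPublicAcls' => true, 'IgnorePublicAcls' => true,
                            'BlockPublicPolicy' => false, 'RestrictPublicBuckets' => false,
                        ],
                    ],
                    // AccountLevelPermissions left out to show the missing-data path.
                ],
            ],
        ]],
    ],
];

echo json_encode(triageS3Finding($sampleFinding), JSON_PRETTY_PRINT), PHP_EOL;
```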

RemoteAccountDetails

Description

Contains details about the remote Amazon Web Services account that made the API call.

Members
AccountId
  • Type: string

The Amazon Web Services account ID of the remote API caller.

Affiliated
  • Type: boolean

Details on whether the Amazon Web Services account of the remote API caller is related to your GuardDuty environment. If this value is True, the API caller is affiliated to your account in some way. If it is False, the API caller is from outside your environment.

RemoteIpDetails

Description

Contains information about the remote IP address of the connection.

Members
City
  • Type: City structure

The city information of the remote IP address.

Country
  • Type: Country structure

The country code of the remote IP address.

GeoLocation
  • Type: GeoLocation structure

The location information of the remote IP address.

IpAddressV4
  • Type: string

The IPv4 remote address of the connection.

Organization
  • Type: Organization structure

The ISP organization information of the remote IP address.

RemotePortDetails

Description

Contains information about the remote port.

Members
Port
  • Type: int

The port number of the remote connection.

PortName
  • Type: string

The port name of the remote connection.

Resource

Description

Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding.

Members
AccessKeyDetails
  • Type: AccessKeyDetails structure

The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.

EksClusterDetails
  • Type: EksClusterDetails structure

Details about the EKS cluster involved in a Kubernetes finding.

InstanceDetails
  • Type: InstanceDetails structure

The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.

KubernetesDetails
  • Type: KubernetesDetails structure

Details about the Kubernetes user and workload involved in a Kubernetes finding.

ResourceType
  • Type: string

The type of Amazon Web Services resource.

S3BucketDetails
  • Type: Array of S3BucketDetail structures

Contains information on the S3 bucket.

S3BucketDetail

Description

Contains information on the S3 bucket.

Members
Arn
  • Type: string

The Amazon Resource Name (ARN) of the S3 bucket.

CreatedAt
  • Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the bucket was created.

DefaultServerSideEncryption
  • Type: DefaultServerSideEncryption structure

Describes the server side encryption method used in the S3 bucket.

Name
  • Type: string

The name of the S3 bucket.

Owner
  • Type: Owner structure

The owner of the S3 bucket.

PublicAccess
  • Type: PublicAccess structure

Describes the public access policies that apply to the S3 bucket.

Tags
  • Type: Array of Tag structures

All tags attached to the S3 bucket.

Type
  • Type: string

Describes whether the bucket is a source or destination bucket.

S3LogsConfiguration

Description

Describes whether S3 data event logs will be enabled as a data source.

Members
Enable
  • Required: Yes
  • Type: boolean

The status of S3 data event logs as a data source.

S3LogsConfigurationResult

Description

Describes whether S3 data event logs will be enabled as a data source.

Members
Status
  • Required: Yes
  • Type: string

A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

SecurityContext

Description

Container security context.

Members
Privileged
  • Type: boolean

Whether the container is privileged.

SecurityGroup

Description

Contains information about the security groups associated with the EC2 instance.

Members
GroupId
  • Type: string

The security group ID of the EC2 instance.

GroupName
  • Type: string

The security group name of the EC2 instance.

Service

Description

Contains additional information about the generated finding.

Members
Action
  • Type: Action structure

Information about the activity that is described in a finding.

Archived
  • Type: boolean

Indicates whether this finding is archived.

Count
  • Type: int

The total count of the occurrences of this finding type.

DetectorId
  • Type: string

The detector ID for the GuardDuty service.

EventFirstSeen
  • Type: string

The first-seen timestamp of the activity that prompted GuardDuty to generate this finding.

EventLastSeen
  • Type: string

The last-seen timestamp of the activity that prompted GuardDuty to generate this finding.

Evidence
  • Type: Evidence structure

An evidence object associated with the service.

ResourceRole
  • Type: string

The resource role information for this finding.

ServiceName
  • Type: string

The name of the Amazon Web Services service (GuardDuty) that generated a finding.

UserFeedback
  • Type: string

Feedback that was submitted about the finding.

SortCriteria

Description

Contains information about the criteria used for sorting findings.

Members
AttributeName
  • Type: string

Represents the finding attribute (for example, accountId) to sort findings by.

OrderBy
  • Type: string

The order by which the sorted findings are to be displayed.

Tag

Description

Contains information about a tag associated with the EC2 instance.

Members
Key
  • Type: string

The EC2 instance tag key.

Value
  • Type: string

The EC2 instance tag value.

ThreatIntelligenceDetail

Description

An instance of a threat intelligence detail that constitutes evidence for the finding.

Members
ThreatListName
  • Type: string

The name of the threat intelligence list that triggered the finding.

ThreatNames
  • Type: Array of strings

A list of names of the threats in the threat intelligence list that triggered the finding.

Total

Description

Contains the total usage with the corresponding currency unit for that value.

Members
Amount
  • Type: string

The total usage.

Unit
  • Type: string

The currency unit that the amount is given in.

UnprocessedAccount

Description

Contains information about the accounts that weren't processed.

Members
AccountId
  • Required: Yes
  • Type: string

The Amazon Web Services account ID.

Result
  • Required: Yes
  • Type: string

A reason why the account hasn't been processed.

UsageAccountResult

Description

Contains information on the total of usage based on account IDs.

Members
AccountId
  • Type: string

The Account ID that generated usage.

Total
  • Type: Total structure

Represents the total of usage for the Account ID.

UsageCriteria

Description

Contains information about the criteria used to query usage statistics.

Members
AccountIds
  • Type: Array of strings

The account IDs to aggregate usage statistics from.

DataSources
  • Required: Yes
  • Type: Array of strings

The data sources to aggregate usage statistics from.

Resources
  • Type: Array of strings

The resources to aggregate usage statistics from. Only accepts exact resource names.

UsageDataSourceResult

Description

Contains information on the result of usage based on data source type.

Members
DataSource
  • Type: string

The data source type that generated usage.

Total
  • Type: Total structure

Represents the total of usage for the specified data source.

UsageResourceResult

Description

Contains information on the sum of usage based on an Amazon Web Services resource.

Members
Resource
  • Type: string

The Amazon Web Services resource that generated usage.

Total
  • Type: Total structure

Represents the sum total of usage for the specified resource type.

UsageStatistics

Description

Contains the result of GuardDuty usage. If a UsageStatisticType is provided, the result for other types will be null.

Members
SumByAccount
  • Type: Array of UsageAccountResult structures

The usage statistic sum organized by account ID.

SumByDataSource
  • Type: Array of UsageDataSourceResult structures

The usage statistic sum organized by data source.

SumByResource
  • Type: Array of UsageResourceResult structures

The usage statistic sum organized by resource.

TopResources
  • Type: Array of UsageResourceResult structures

Lists the top 50 resources that have generated the most GuardDuty usage, in order from most to least expensive.

Volume

Description

Volume used by the Kubernetes workload.

Members
HostPath
  • Type: HostPath structure

Represents a pre-existing file or directory on the host machine that the volume maps to.

Name
  • Type: string

Volume name.

VolumeMount

Description

Container volume mount.

Members
MountPath
  • Type: string

Volume mount path.

Name
  • Type: string

Volume mount name.

AWS SDK for PHP 3.x API documentation generated by ApiGen