AWS GuardDuty Publishing Destination

This page shows how to write Terraform and CloudFormation for a GuardDuty Publishing Destination and how to write them securely.

undefined (Terraform)

The Publishing Destination in GuardDuty can be configured in Terraform with the resource name undefined. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

The following arguments are supported:

  • detector_id - (Required) The ID of the GuardDuty detector.
  • destination_arn - (Required) The bucket ARN and prefix under which the findings are exported. The bucket ARN is required; the prefix is optional and defaults to AWSLogs/[Account-ID]/GuardDuty/[Region]/ if not provided.
  • kms_key_arn - (Required) The ARN of the KMS key used to encrypt GuardDuty findings. GuardDuty requires exported findings to be encrypted.
  • destination_type - (Optional) Currently "S3" is the only available destination type; it is also the default value.

Note: If permissions are missing (S3 bucket policy or KMS key permissions), the resource will fail to create. If the permissions are changed after the resource has been created, the resulting status can be queried from the AWS API with the "DescribePublishingDestination" call (https://docs.aws.amazon.com/cli/latest/reference/guardduty/describe-publishing-destination.html).

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the GuardDuty PublishingDestination and the detector ID. Format: <DetectorID>:<PublishingDestinationID>

Explanation in Terraform Registry

Provides a resource to manage a GuardDuty PublishingDestination. Requires an existing GuardDuty Detector.
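As an added example that is not part of this page, the following Terraform wires the publishing destination to an existing detector together with the S3 bucket policy and KMS key policy that the note above says must be in place before creation. It assumes the AWS provider's aws_guardduty_publishing_destination resource type and the aws_guardduty_detector data source; the bucket name is a constructed placeholder, and the exact policy actions follow the AWS documentation for exporting findings.

```hcl
data "aws_caller_identity" "current" {}
data "aws_guardduty_detector" "this" {} # existing detector in this account/region

locals { account = data.aws_caller_identity.current.account_id }

# KMS key policy: GuardDuty needs kms:GenerateDataKey on the export key.
resource "aws_kms_key" "findings" {
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Sid = "KeyAdmin", Effect = "Allow", Action = "kms:*", Resource = "*",
        Principal = { AWS = "arn:aws:iam::${local.account}:root" } },
      { Sid = "AllowGuardDutyGenerateDataKey", Effect = "Allow",
        Principal = { Service = "guardduty.amazonaws.com" },
        Action = "kms:GenerateDataKey", Resource = "*",
        Condition = { StringEquals = { "aws:SourceAccount" = local.account } } }
    ]
  })
}

resource "aws_s3_bucket" "findings" {
  bucket = "example-guardduty-findings-bucket" # constructed placeholder name
}

# Bucket policy: GuardDuty needs GetBucketLocation on the bucket and PutObject on the objects.
resource "aws_s3_bucket_policy" "findings" {
  bucket = aws_s3_bucket.findings.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Sid = "AllowGuardDutyLocate", Effect = "Allow",
        Principal = { Service = "guardduty.amazonaws.com" },
        Action = "s3:GetBucketLocation", Resource = aws_s3_bucket.findings.arn,
        Condition = { StringEquals = { "aws:SourceAccount" = local.account } } },
      { Sid = "AllowGuardDutyPut", Effect = "Allow",
        Principal = { Service = "guardduty.amazonaws.com" },
        Action = "s3:PutObject", Resource = "${aws_s3_bucket.findings.arn}/*",
        Condition = { StringEquals = { "aws:SourceAccount" = local.account } } }
    ]
  })
}

resource "aws_guardduty_publishing_destination" "findings" {
  detector_id     = data.aws_guardduty_detector.this.id
  destination_arn = "${aws_s3_bucket.findings.arn}/findings" # prefix is optional
  kms_key_arn     = aws_kms_key.findings.arn
  # The API rejects the destination unless both policies are already in place.
  depends_on      = [aws_s3_bucket_policy.findings]
}
```

The aws:SourceAccount conditions restrict the service principal to this account's GuardDuty, so another account cannot write into the bucket or use the key through the GuardDuty service.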

AWS::GuardDuty::Detector (CloudFormation)

The Detector in GuardDuty can be configured in CloudFormation with the resource name AWS::GuardDuty::Detector. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Explanation in CloudFormation Registry

The AWS::GuardDuty::Detector resource specifies a new Amazon GuardDuty detector. A detector is an object that represents the Amazon GuardDuty service. A detector is required for Amazon GuardDuty to become operational.

Frequently asked questions

What is AWS GuardDuty Publishing Destination?

AWS GuardDuty Publishing Destination is a resource for GuardDuty of Amazon Web Services. Settings can be written in Terraform and CloudFormation.