Aws/guardduty
@swamp/aws/guarddutyv2026.06.15.1
01README
AWS GUARDDUTY infrastructure models
02Release Notes
- Updated: detector, filter, ipset, malware_protection_plan, master, member, publishing_destination, threat_entity_set, threat_intel_set, trusted_entity_set
03Models
detector.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| FindingPublishingFrequency? | string | |
| Enable | boolean | |
| DataSources? | object | |
| Features? | array | |
| Tags? | array |
fn create()
Create a GuardDuty Detector
fn get(identifier: string)
Get a GuardDuty Detector
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty Detector |
fn update()
Update a GuardDuty Detector
fn delete(identifier: string)
Delete a GuardDuty Detector
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty Detector |
fn sync()
Sync GuardDuty Detector state from AWS
filter.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Action? | string | |
| Description? | string | |
| DetectorId | string | |
| FindingCriteria? | object | |
| Rank? | number | |
| Name | string | |
| Tags? | array |
fn create()
Create a GuardDuty Filter
fn get(identifier: string)
Get a GuardDuty Filter
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty Filter |
fn update()
Update a GuardDuty Filter
fn delete(identifier: string)
Delete a GuardDuty Filter
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty Filter |
fn sync()
Sync GuardDuty Filter state from AWS
ipset.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Format | string | |
| Activate? | boolean | |
| DetectorId? | string | |
| Name? | string | |
| Location | string | |
| ExpectedBucketOwner? | string | |
| Tags? | array |
fn create()
Create a GuardDuty IPSet
fn get(identifier: string)
Get a GuardDuty IPSet
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty IPSet |
fn update()
Update a GuardDuty IPSet
fn delete(identifier: string)
Delete a GuardDuty IPSet
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty IPSet |
fn sync()
Sync GuardDuty IPSet state from AWS
malware_protection_plan.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Role | string | IAM role that includes the permissions required to scan and (optionally) add tags to the associated protected resource. |
| ProtectedResource? | object | Name of the S3 bucket. |
| Tags? | array | The tags to be added to the created Malware Protection plan resource. Each tag consists of a key and an optional value, both of which you need to specify. |
fn create()
Create a GuardDuty MalwareProtectionPlan
fn get(identifier: string)
Get a GuardDuty MalwareProtectionPlan
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty MalwareProtectionPlan |
fn update()
Update a GuardDuty MalwareProtectionPlan
fn delete(identifier: string)
Delete a GuardDuty MalwareProtectionPlan
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty MalwareProtectionPlan |
fn sync()
Sync GuardDuty MalwareProtectionPlan state from AWS
master.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| MasterId | string | ID of the account used as the master account. |
| InvitationId? | string | Value used to validate the master account to the member account. |
| DetectorId | string | Unique ID of the detector of the GuardDuty member account. |
fn create()
Create a GuardDuty Master
fn get(identifier: string)
Get a GuardDuty Master
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty Master |
fn delete(identifier: string)
Delete a GuardDuty Master
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty Master |
fn sync()
Sync GuardDuty Master state from AWS
member.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Status? | string | |
| MemberId? | string | |
| string | ||
| Message? | string | |
| DisableEmailNotification? | boolean | |
| DetectorId? | string |
fn create()
Create a GuardDuty Member
fn get(identifier: string)
Get a GuardDuty Member
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty Member |
fn update()
Update a GuardDuty Member
fn delete(identifier: string)
Delete a GuardDuty Member
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty Member |
fn sync()
Sync GuardDuty Member state from AWS
publishing_destination.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| DetectorId | string | The ID of the GuardDuty detector associated with the publishing destination. |
| DestinationType | string | The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported. |
| DestinationProperties? | object | The ARN of the resource to publish to. |
| Tags? | array |
fn create()
Create a GuardDuty PublishingDestination
fn get(identifier: string)
Get a GuardDuty PublishingDestination
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty PublishingDestination |
fn update()
Update a GuardDuty PublishingDestination
fn delete(identifier: string)
Delete a GuardDuty PublishingDestination
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty PublishingDestination |
fn sync()
Sync GuardDuty PublishingDestination state from AWS
threat_entity_set.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Format | string | |
| Activate? | boolean | |
| DetectorId? | string | |
| Name? | string | |
| Location | string | |
| ExpectedBucketOwner? | string | |
| Tags? | array |
fn create()
Create a GuardDuty ThreatEntitySet
fn get(identifier: string)
Get a GuardDuty ThreatEntitySet
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty ThreatEntitySet |
fn update()
Update a GuardDuty ThreatEntitySet
fn delete(identifier: string)
Delete a GuardDuty ThreatEntitySet
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty ThreatEntitySet |
fn sync()
Sync GuardDuty ThreatEntitySet state from AWS
threat_intel_set.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Format | string | |
| Activate? | boolean | |
| DetectorId? | string | |
| Name? | string | |
| Location | string | |
| ExpectedBucketOwner? | string | |
| Tags? | array |
fn create()
Create a GuardDuty ThreatIntelSet
fn get(identifier: string)
Get a GuardDuty ThreatIntelSet
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty ThreatIntelSet |
fn update()
Update a GuardDuty ThreatIntelSet
fn delete(identifier: string)
Delete a GuardDuty ThreatIntelSet
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty ThreatIntelSet |
fn sync()
Sync GuardDuty ThreatIntelSet state from AWS
trusted_entity_set.tsv2026.06.15.1
Global Arguments
| Argument | Type | Description |
|---|---|---|
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Format | string | |
| Activate? | boolean | |
| DetectorId? | string | |
| Name? | string | |
| Location | string | |
| ExpectedBucketOwner? | string | |
| Tags? | array |
fn create()
Create a GuardDuty TrustedEntitySet
fn get(identifier: string)
Get a GuardDuty TrustedEntitySet
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty TrustedEntitySet |
fn update()
Update a GuardDuty TrustedEntitySet
fn delete(identifier: string)
Delete a GuardDuty TrustedEntitySet
| Argument | Type | Description |
|---|---|---|
| identifier | string | The primary identifier of the GuardDuty TrustedEntitySet |
fn sync()
Sync GuardDuty TrustedEntitySet state from AWS
04Previous Versions
2026.06.08.2Jun 8, 2026
- Updated: detector, filter, ipset, malware_protection_plan, master, member, publishing_destination, threat_entity_set, threat_intel_set, trusted_entity_set
2026.06.06.1Jun 6, 2026
- Updated: detector, filter, ipset, malware_protection_plan, master, member, publishing_destination, threat_entity_set, threat_intel_set, trusted_entity_set
2026.04.23.3Apr 23, 2026
2026.04.23.2Apr 23, 2026
- Updated: detector, filter, ipset, malware_protection_plan, master, member, publishing_destination, threat_entity_set, threat_intel_set, trusted_entity_set
2026.04.03.2Apr 3, 2026
- Updated: detector, filter, ipset, malware_protection_plan, master, member, publishing_destination, threat_entity_set, threat_intel_set, trusted_entity_set
2026.03.19.1Mar 19, 2026
- Updated: detector, filter, ipset, malware_protection_plan, master, member, publishing_destination, threat_entity_set, threat_intel_set, trusted_entity_set
2026.03.16.1Mar 16, 2026
- Updated: detector, filter, ipset, malware_protection_plan, master, member, publishing_destination, threat_entity_set, threat_intel_set, trusted_entity_set
2026.03.10.5Mar 10, 2026
05Stats
B
85 / 100
Downloads
1
Archive size
2.3 MB
Verified by Swamp
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types (deprecated)1/1earned
- Dependencies pass trust audit0/2missing
- Has description1/1earned
- Platform support declared (or universal)2/2earned
- License declared1/1earned
- Verified public repository2/2earned
06Platforms
07Labels