
Detector

The Detector resource allows you to manage AWS GuardDuty Detectors for continuous security monitoring of your AWS accounts and workloads.

Create a basic GuardDuty detector with the required properties and a common optional property for finding publishing frequency.

import AWS from "alchemy/aws/control";

const basicDetector = await AWS.GuardDuty.Detector("basicDetector", {
  Enable: true,
  FindingPublishingFrequency: "FIFTEEN_MINUTES"
});

Configure a GuardDuty detector with additional options like data sources and features.

const advancedDetector = await AWS.GuardDuty.Detector("advancedDetector", {
  Enable: true,
  FindingPublishingFrequency: "ONE_HOUR",
  // Configurable data sources are S3Logs, Kubernetes and MalwareProtection
  DataSources: {
    S3Logs: {
      Enable: true
    }
  },
  // Each feature is switched with Status: "ENABLED" or "DISABLED"
  Features: [
    {
      Name: "S3_DATA_EVENTS",
      Status: "ENABLED"
    }
  ],
  Tags: [
    {
      Key: "Environment",
      Value: "Production"
    },
    {
      Key: "Team",
      Value: "Security"
    }
  ]
});

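Enable every configurable data source for broader coverage. CloudTrail management events, VPC Flow Logs and DNS logs are foundational sources that GuardDuty analyzes whenever the detector is enabled, so they are not set under DataSources.

const fullDataSourceDetector = await AWS.GuardDuty.Detector("fullDataSourceDetector", {
  Enable: true,
  DataSources: {
    // S3 data event monitoring
    S3Logs: {
      Enable: true
    },
    // EKS audit log monitoring
    Kubernetes: {
      AuditLogs: {
        Enable: true
      }
    },
    // Malware scanning of EBS volumes attached to instances with findings
    MalwareProtection: {
      ScanEc2InstanceWithFindings: {
        EbsVolumes: true
      }
    }
  },
  Tags: [
    {
      Key: "Project",
      Value: "GuardDutyEnhancement"
    }
  ]
});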

To adopt an existing GuardDuty detector instead of failing when one already exists, set the adopt property to true.

const adoptExistingDetector = await AWS.GuardDuty.Detector("adoptExistingDetector", {
  Enable: true,
  adopt: true
});
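
As an added example (not part of the Alchemy documentation or code base), the following TypeScript function audits a detector props object of the shape used above before it is deployed. The names auditDetector, DetectorProps and sampleProps are hypothetical, and the sample input is constructed.

```typescript
// Added example: pre-deployment audit of GuardDuty detector props.
// All names below are hypothetical helpers, not Alchemy APIs.
interface DetectorProps {
  Enable: boolean;
  FindingPublishingFrequency?: string;
  DataSources?: Record<string, unknown>;
  Features?: { Name: string; Status?: string }[];
}

// Values GuardDuty accepts for FindingPublishingFrequency.
const FREQUENCIES = ["FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"];
// Data sources the AWS::GuardDuty::Detector schema lets you configure.
const CONFIGURABLE_SOURCES = ["S3Logs", "Kubernetes", "MalwareProtection"];

function auditDetector(props: DetectorProps): string[] {
  const issues: string[] = [];
  if (!props.Enable) issues.push("Enable is false: monitoring is suspended");

  const freq = props.FindingPublishingFrequency;
  if (freq === undefined) {
    issues.push("FindingPublishingFrequency unset: defaults to SIX_HOURS");
  } else if (FREQUENCIES.indexOf(freq) === -1) {
    issues.push(`FindingPublishingFrequency invalid: ${freq}`);
  }

  const sources = props.DataSources ?? {};
  for (const name of Object.keys(sources)) {
    // S3Logs carries a top-level Enable flag; other sources nest theirs.
    const cfg = sources[name] as { Enable?: boolean } | undefined;
    if (CONFIGURABLE_SOURCES.indexOf(name) === -1) {
      issues.push(`DataSources.${name}: not a configurable data source`);
    } else if (cfg?.Enable === false) {
      issues.push(`DataSources.${name}: explicitly disabled`);
    }
  }

  for (const f of props.Features ?? []) {
    if (f.Status !== "ENABLED") issues.push(`Features.${f.Name}: Status is not ENABLED`);
  }
  return issues;
}

// Constructed sample input, not taken from a real account.
const sampleProps: DetectorProps = {
  Enable: true,
  DataSources: { S3Logs: { Enable: false }, CloudTrail: { Enable: true } },
  Features: [{ Name: "S3_DATA_EVENTS", Status: "DISABLED" }],
};
const sampleIssues = auditDetector(sampleProps);
console.log(sampleIssues.join("\n"));
```

Running the audit in CI before deployment catches a suspended detector or a disabled data source before it reaches the account.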