Amazon Fraud Detector is no longer open to new customers as of November 7, 2025. For capabilities similar to Amazon Fraud Detector, explore Amazon SageMaker, AutoGluon, and AWS WAF.

# Create a detector
<a name="create-a-detector"></a>

You create a detector by specifying the event type that you have already defined. You can optionally add a model that is already trained and deployed by Amazon Fraud Detector. If you add a model, you can use the model score generated by Amazon Fraud Detector in your rule expression when creating a rule (for example, `$model score < 90`).

 You can create a detector in the Amazon Fraud Detector console, using the [PutDetector](https://docs.aws.amazon.com//frauddetector/latest/api/API_PutDetector.html) API, using the [put-detector](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/frauddetector/put-detector.html) command, or using the AWS SDK. If you are using API, command, or SDK for creating a detector, after you've created the detector follow instructions to [Create a detector version](create-a-detector-version.md). 

## Create a detector in the Amazon Fraud Detector console
<a name="create-detector-console"></a>

This example assumes that you've created an event type and also have created and deployed a model version you want to use for fraud prediction.

### Step 1: Build detector
<a name="step-1-build-detector-console"></a>

1. In the left navigation pane of the Amazon Fraud Detector console, choose **Detectors**.

1. Choose **Create detector**.

1. In the **Define detector details** page, enter `sample_detector` for detector name. Optionally, enter a description for the detector, such as `my sample fraud detector`.

1. For **Event Type**, select the event type you have created for fraud prediction.

1. Choose **Next**. 

### Step 2: Add a deployed model version
<a name="add-deployed-model-console"></a>

1. Note that this is an optional step. You do not need to add a model to your detector. To skip this step, choose **Next**.

1. In the **Add model - optional**, choose **Add Model**.

1. In the **Add model** page, for **Select model**, choose the Amazon Fraud Detector model name that you deployed earlier. For **Select version**, choose the model version of the deployed model.

1. Choose **Add model**.

1. Choose **Next**.

### Step 3: Add rules
<a name="add-rules-to-detector-console"></a>

A rule is a condition that tells Amazon Fraud Detector how to interpret variable values when evaluating for fraud prediction. This example will create three rules using the model scores as variable values: `high_fraud_risk`, `medium_fraud_risk`, and `low_fraud_risk`. To create your own rules, rule expressions, rule execution order, and outcomes, use values that are appropriate for your model and your use case.

1. In the **Add rules** page, under **Define a rule**, enter `high_fraud_risk` for the rule name and under **Description - optional**, enter **This rule captures events with a high ML model score** as the description for the rule.

1. In **Expression**, enter the following rule expression using the Amazon Fraud Detector simplified rule expression language:

   `$sample_fraud_detection_model_insightscore > 900`

1. In **Outcomes**, choose **Create a new outcome**. An outcome is the result from a fraud prediction and is returned if the rule matches during an evaluation. 

1. In **Create a new outcome**, enter `verify_customer` as the outcome name. Optionally, enter a description.

1. Choose **Save outcome**. 

1. Choose **Add rule** to run the rule validation checker and save the rule. After it's created, Amazon Fraud Detector makes the rule available for use in your detector.

1. Choose **Add another rule**, and then choose the **Create rule** tab. 

1. Repeat this process twice more to create your `medium_fraud_risk` and `low_fraud_risk` rules using the following rule details: 
   + medium\_fraud\_risk

     Rule name: `medium_fraud_risk`

     Outcome: `review`

     Expression:

     `$sample_fraud_detection_model_insightscore <= 900 and`

     `$sample_fraud_detection_model_insightscore > 700`
   + low\_fraud\_risk

     Rule name: `low_fraud_risk`

     Outcome: `approve`

     Expression:

     `$sample_fraud_detection_model_insightscore <= 700`

1. After you have created all the rules for your use case, choose **Next**. 

   For more information about creating and writing rules, see [Rules](rules.md) and [Rule language reference](rule-language-reference.md).

### Step 4: Configure rule execution and rule order
<a name="get-start-define-rule-order-console"></a>

The rule execution mode for the rules that are included in the detector determines if all the rules you define are evaluated, or if rule evaluation stops at the first matched rule. And the rule order determines the order that you want the rule to be run in. 

The default rule execution mode is `FIRST_MATCHED`. 

**First matched**  
First matched rule execution mode returns the outcomes for the first matching rule based on defined rule order. If you specify `FIRST_MATCHED`, Amazon Fraud Detector evaluates rules sequentially, first to last, stopping at the first matched rule. Amazon Fraud Detector then provides the outcomes for that single rule.   
The order that you run rules in can affect the resulting fraud prediction outcome. After you have created your rules, re-order the rules to run them in the desired order by following these steps:   
If your `high_fraud_risk` rule isn't already on the top of your rule list, choose **Order**, and then choose **1**. This moves `high_fraud_risk` to the first position.  
Repeat this process so that your `medium_fraud_risk` rule is in the second position and your `low_fraud_risk` rule is in the third position.

**All matched**  
All matched rule execution mode returns outcomes for all matched rules, regardless of rule order. If you specify `ALL_MATCHED`, Amazon Fraud Detector evaluates all rules and returns the outcomes for all matched rules.

Select `FIRST_MATCHED` for this tutorial and then choose **Next**.

### Step 5: Review and create detector version
<a name="get-start-review-and-create-detector-version-console"></a>

A detector version defines the specific models and rules that are used for generating fraud predictions.

1. In the **Review and create** page, review the detector details, models, and rules that you configured. If you need to make any changes, choose **Edit** next to the corresponding section.

1. Choose **Create detector**. After it's created, the first version of your detector appears in the Detector versions table with `Draft` status.

   You use the **Draft** version to test your Detector.

## Create a detector using the AWS SDK for Python (Boto3)
<a name="create-a-detector-using-the-aws-python-sdk"></a>

The following example shows a sample request for the `PutDetector` API. A detector acts as a container for your detector versions. The `PutDetector` API specifies what event type the detector will evaluate. The following example assumes you have created an event type `sample_registration`.

```
import boto3
fraudDetector = boto3.client('frauddetector')

fraudDetector.put_detector (
detectorId = 'sample_detector',
eventTypeName = 'sample_registration'
)
```