This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::GuardDuty::TrustedEntitySet
The AWS::GuardDuty::TrustedEntitySet resource helps you create a list of IP addresses
and domain names that you can use for secure communication with your AWS infrastructure
and applications. Once you activate this list, GuardDuty will not generate findings
when there is an activity associated with these safe IP addresses and domain names. At any
given time, you can have only one trusted entity set.
Only the users of the GuardDuty administrator account can manage the entity sets. These settings automatically apply member accounts.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::GuardDuty::TrustedEntitySet", "Properties" : { "Activate" :Boolean, "DetectorId" :String, "ExpectedBucketOwner" :String, "Format" :String, "Location" :String, "Name" :String, "Tags" :[ TagItem, ... ]} }
YAML
Type: AWS::GuardDuty::TrustedEntitySet Properties: Activate:BooleanDetectorId:StringExpectedBucketOwner:StringFormat:StringLocation:StringName:StringTags:- TagItem
Properties
Activate-
A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to prevent generating findings based on an activity associated with these entries, this list must be active.
Required: No
Type: Boolean
Update requires: No interruption
DetectorId-
The unique regional detector ID of the GuardDuty account for which you want to create a trusted entity set.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.Required: No
Type: String
Minimum:
1Maximum:
32Update requires: Replacement
ExpectedBucketOwner-
The AWS account ID that owns the Amazon S3 bucket specified in the Location field.
Whether or not you provide the account ID for this optional field, GuardDuty validates that the account ID associated with the
DetectorIdvalue owns the S3 bucket in theLocationfield. If GuardDuty finds that this S3 bucket doesn't belong to the specified account ID, you will get an error at the time of activating this list.Required: No
Type: String
Update requires: No interruption
Format-
The format of the file that contains the trusted entity set. For information about supported formats, see List formats in the Amazon GuardDuty User Guide.
Required: Yes
Type: String
Minimum:
1Maximum:
300Update requires: Replacement
Location-
The URI of the file that contains the trusted entity set.
Required: Yes
Type: String
Minimum:
1Maximum:
300Update requires: No interruption
Name-
A user-friendly name to identify the trusted entity set. Valid characters include lowercase letters, uppercase letters, numbers, dash(-), and underscore (_).
Required: No
Type: String
Update requires: No interruption
-
The tags to be added to a new trusted entity set resource. Each tag consists of a key and an optional value, both of which you define.
For more information, see Tag.
Required: No
Type: Array of TagItem
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the unique ID of the TrustedEntitySet.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
CreatedAt-
The timestamp when the trusted entity set was created.
ErrorDetails-
Specifies the error details when the status of the trusted entity set shows as Error.
Status-
The status of your
TrustedEntitySet. For information about valid status values, see Understanding list statuses in the Amazon GuardDuty User Guide. UpdatedAt-
The timestamp when the trusted entity set was updated.
