AWS::GuardDuty::PublishingDestination - Amazon CloudFormation
SyntaxPropertiesReturn values
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::GuardDuty::PublishingDestination

Creates a publishing destination where you can export your GuardDuty findings. Before you start exporting the findings, the destination resource must exist.

For more information about considerations and permissions, see Exporting GuardDuty findings to Amazon S3 buckets in the Amazon GuardDuty User Guide.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::GuardDuty::PublishingDestination",
  "Properties" : {
      "DestinationProperties" : CFNDestinationProperties,
      "DestinationType" : String,
      "DetectorId" : String,
      "Tags" : [ TagItem, ... ]
    }
}

YAML

Type: AWS::GuardDuty::PublishingDestination
Properties:
  DestinationProperties: 
    CFNDestinationProperties
  DestinationType: String
  DetectorId: String
  Tags: 
    - TagItem

Properties

DestinationProperties

Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.

Required: Yes

Type: CFNDestinationProperties

Update requires: No interruption

DestinationType

The type of publishing destination. GuardDuty supports Amazon S3 buckets as a publishing destination.

Required: Yes

Type: String

Update requires: No interruption

DetectorId

The ID of the GuardDuty detector where the publishing destination exists.

Required: Yes

Type: String

Minimum: 1

Maximum: 300

Update requires: Replacement

Tags

Describes a tag.

Required: No

Type: Array of TagItem

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource publishing destination ID.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Id

The ID of the publishing destination.

PublishingFailureStartTimestamp

The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.

Status

The status of the publishing destination.