github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/securityhub/automationRule.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package securityhub

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Resource for managing an AWS Security Hub Automation Rule.
//
// ## Example Usage
//
// ### Basic Usage
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := securityhub.NewAutomationRule(ctx, "example", &securityhub.AutomationRuleArgs{
//				Description: pulumi.String("Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk"),
//				RuleName:    pulumi.String("Elevate severity of findings that relate to important resources"),
//				RuleOrder:   pulumi.Int(1),
//				Actions: securityhub.AutomationRuleActionArray{
//					&securityhub.AutomationRuleActionArgs{
//						FindingFieldsUpdate: &securityhub.AutomationRuleActionFindingFieldsUpdateArgs{
//							Severity: &securityhub.AutomationRuleActionFindingFieldsUpdateSeverityArgs{
//								Label:   pulumi.String("CRITICAL"),
//								Product: pulumi.Float64(0),
//							},
//							Note: &securityhub.AutomationRuleActionFindingFieldsUpdateNoteArgs{
//								Text:      pulumi.String("This is a critical resource. Please review ASAP."),
//								UpdatedBy: pulumi.String("sechub-automation"),
//							},
//							Types: pulumi.StringArray{
//								pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards"),
//							},
//							UserDefinedFields: pulumi.StringMap{
//								"key": pulumi.String("value"),
//							},
//						},
//						Type: pulumi.String("FINDING_FIELDS_UPDATE"),
//					},
//				},
//				Criteria: &securityhub.AutomationRuleCriteriaArgs{
//					ResourceIds: securityhub.AutomationRuleCriteriaResourceIdArray{
//						&securityhub.AutomationRuleCriteriaResourceIdArgs{
//							Comparison: pulumi.String("EQUALS"),
//							Value:      pulumi.String("arn:aws:s3:::examplebucket/*"),
//						},
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Import
//
// Using `pulumi import`, import Security Hub automation rule using their ARN. For example:
//
// ```sh
// $ pulumi import aws:securityhub/automationRule:AutomationRule example arn:aws:securityhub:us-west-2:123456789012:automation-rule/473eddde-f5c4-4ae5-85c7-e922f271fffc
// ```
type AutomationRule struct {
	pulumi.CustomResourceState

	// A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in `Criteria`. Documented below.
	Actions AutomationRuleActionArrayOutput `pulumi:"actions"`
	// The ARN of the Security Hub automation rule.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
	Criteria AutomationRuleCriteriaPtrOutput `pulumi:"criteria"`
	// The description of the rule.
	Description pulumi.StringOutput `pulumi:"description"`
	// Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to `false`.
	IsTerminal pulumi.BoolOutput `pulumi:"isTerminal"`
	// The name of the rule.
	RuleName pulumi.StringOutput `pulumi:"ruleName"`
	// An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
	RuleOrder pulumi.IntOutput `pulumi:"ruleOrder"`
	// Whether the rule is active after it is created.
	RuleStatus pulumi.StringOutput    `pulumi:"ruleStatus"`
	Tags       pulumi.StringMapOutput `pulumi:"tags"`
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}

// NewAutomationRule registers a new resource with the given unique name, arguments, and options.
func NewAutomationRule(ctx *pulumi.Context,
	name string, args *AutomationRuleArgs, opts ...pulumi.ResourceOption) (*AutomationRule, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.Description == nil {
		return nil, errors.New("invalid value for required argument 'Description'")
	}
	if args.RuleName == nil {
		return nil, errors.New("invalid value for required argument 'RuleName'")
	}
	if args.RuleOrder == nil {
		return nil, errors.New("invalid value for required argument 'RuleOrder'")
	}
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource AutomationRule
	err := ctx.RegisterResource("aws:securityhub/automationRule:AutomationRule", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetAutomationRule gets an existing AutomationRule resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetAutomationRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AutomationRuleState, opts ...pulumi.ResourceOption) (*AutomationRule, error) {
	var resource AutomationRule
	err := ctx.ReadResource("aws:securityhub/automationRule:AutomationRule", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering AutomationRule resources.
type automationRuleState struct {
	// A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in `Criteria`. Documented below.
	Actions []AutomationRuleAction `pulumi:"actions"`
	// The ARN of the Security Hub automation rule.
	Arn *string `pulumi:"arn"`
	// A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
	Criteria *AutomationRuleCriteria `pulumi:"criteria"`
	// The description of the rule.
	Description *string `pulumi:"description"`
	// Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to `false`.
	IsTerminal *bool `pulumi:"isTerminal"`
	// The name of the rule.
	RuleName *string `pulumi:"ruleName"`
	// An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
	RuleOrder *int `pulumi:"ruleOrder"`
	// Whether the rule is active after it is created.
	RuleStatus *string           `pulumi:"ruleStatus"`
	Tags       map[string]string `pulumi:"tags"`
	// Deprecated: Please use `tags` instead.
	TagsAll map[string]string `pulumi:"tagsAll"`
}

type AutomationRuleState struct {
	// A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in `Criteria`. Documented below.
	Actions AutomationRuleActionArrayInput
	// The ARN of the Security Hub automation rule.
	Arn pulumi.StringPtrInput
	// A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
	Criteria AutomationRuleCriteriaPtrInput
	// The description of the rule.
	Description pulumi.StringPtrInput
	// Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to `false`.
	IsTerminal pulumi.BoolPtrInput
	// The name of the rule.
	RuleName pulumi.StringPtrInput
	// An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
	RuleOrder pulumi.IntPtrInput
	// Whether the rule is active after it is created.
	RuleStatus pulumi.StringPtrInput
	Tags       pulumi.StringMapInput
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapInput
}

func (AutomationRuleState) ElementType() reflect.Type {
	return reflect.TypeOf((*automationRuleState)(nil)).Elem()
}

type automationRuleArgs struct {
	// A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in `Criteria`. Documented below.
	Actions []AutomationRuleAction `pulumi:"actions"`
	// A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
	Criteria *AutomationRuleCriteria `pulumi:"criteria"`
	// The description of the rule.
	Description string `pulumi:"description"`
	// Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to `false`.
	IsTerminal *bool `pulumi:"isTerminal"`
	// The name of the rule.
	RuleName string `pulumi:"ruleName"`
	// An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
	RuleOrder int `pulumi:"ruleOrder"`
	// Whether the rule is active after it is created.
	RuleStatus *string           `pulumi:"ruleStatus"`
	Tags       map[string]string `pulumi:"tags"`
}

// The set of arguments for constructing a AutomationRule resource.
type AutomationRuleArgs struct {
	// A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in `Criteria`. Documented below.
	Actions AutomationRuleActionArrayInput
	// A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
	Criteria AutomationRuleCriteriaPtrInput
	// The description of the rule.
	Description pulumi.StringInput
	// Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to `false`.
	IsTerminal pulumi.BoolPtrInput
	// The name of the rule.
	RuleName pulumi.StringInput
	// An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
	RuleOrder pulumi.IntInput
	// Whether the rule is active after it is created.
	RuleStatus pulumi.StringPtrInput
	Tags       pulumi.StringMapInput
}

func (AutomationRuleArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*automationRuleArgs)(nil)).Elem()
}

type AutomationRuleInput interface {
	pulumi.Input

	ToAutomationRuleOutput() AutomationRuleOutput
	ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput
}

func (*AutomationRule) ElementType() reflect.Type {
	return reflect.TypeOf((**AutomationRule)(nil)).Elem()
}

func (i *AutomationRule) ToAutomationRuleOutput() AutomationRuleOutput {
	return i.ToAutomationRuleOutputWithContext(context.Background())
}

func (i *AutomationRule) ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput {
	return pulumi.ToOutputWithContext(ctx, i).(AutomationRuleOutput)
}

// AutomationRuleArrayInput is an input type that accepts AutomationRuleArray and AutomationRuleArrayOutput values.
// You can construct a concrete instance of `AutomationRuleArrayInput` via:
//
//	AutomationRuleArray{ AutomationRuleArgs{...} }
type AutomationRuleArrayInput interface {
	pulumi.Input

	ToAutomationRuleArrayOutput() AutomationRuleArrayOutput
	ToAutomationRuleArrayOutputWithContext(context.Context) AutomationRuleArrayOutput
}

type AutomationRuleArray []AutomationRuleInput

func (AutomationRuleArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*AutomationRule)(nil)).Elem()
}

func (i AutomationRuleArray) ToAutomationRuleArrayOutput() AutomationRuleArrayOutput {
	return i.ToAutomationRuleArrayOutputWithContext(context.Background())
}

func (i AutomationRuleArray) ToAutomationRuleArrayOutputWithContext(ctx context.Context) AutomationRuleArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(AutomationRuleArrayOutput)
}

// AutomationRuleMapInput is an input type that accepts AutomationRuleMap and AutomationRuleMapOutput values.
// You can construct a concrete instance of `AutomationRuleMapInput` via:
//
//	AutomationRuleMap{ "key": AutomationRuleArgs{...} }
type AutomationRuleMapInput interface {
	pulumi.Input

	ToAutomationRuleMapOutput() AutomationRuleMapOutput
	ToAutomationRuleMapOutputWithContext(context.Context) AutomationRuleMapOutput
}

type AutomationRuleMap map[string]AutomationRuleInput

func (AutomationRuleMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*AutomationRule)(nil)).Elem()
}

func (i AutomationRuleMap) ToAutomationRuleMapOutput() AutomationRuleMapOutput {
	return i.ToAutomationRuleMapOutputWithContext(context.Background())
}

func (i AutomationRuleMap) ToAutomationRuleMapOutputWithContext(ctx context.Context) AutomationRuleMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(AutomationRuleMapOutput)
}

type AutomationRuleOutput struct{ *pulumi.OutputState }

func (AutomationRuleOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**AutomationRule)(nil)).Elem()
}

func (o AutomationRuleOutput) ToAutomationRuleOutput() AutomationRuleOutput {
	return o
}

func (o AutomationRuleOutput) ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput {
	return o
}

// A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in `Criteria`. Documented below.
func (o AutomationRuleOutput) Actions() AutomationRuleActionArrayOutput {
	return o.ApplyT(func(v *AutomationRule) AutomationRuleActionArrayOutput { return v.Actions }).(AutomationRuleActionArrayOutput)
}

// The ARN of the Security Hub automation rule.
func (o AutomationRuleOutput) Arn() pulumi.StringOutput {
	return o.ApplyT(func(v *AutomationRule) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput)
}

// A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
func (o AutomationRuleOutput) Criteria() AutomationRuleCriteriaPtrOutput {
	return o.ApplyT(func(v *AutomationRule) AutomationRuleCriteriaPtrOutput { return v.Criteria }).(AutomationRuleCriteriaPtrOutput)
}

// The description of the rule.
func (o AutomationRuleOutput) Description() pulumi.StringOutput {
	return o.ApplyT(func(v *AutomationRule) pulumi.StringOutput { return v.Description }).(pulumi.StringOutput)
}

// Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to `false`.
func (o AutomationRuleOutput) IsTerminal() pulumi.BoolOutput {
	return o.ApplyT(func(v *AutomationRule) pulumi.BoolOutput { return v.IsTerminal }).(pulumi.BoolOutput)
}

// The name of the rule.
func (o AutomationRuleOutput) RuleName() pulumi.StringOutput {
	return o.ApplyT(func(v *AutomationRule) pulumi.StringOutput { return v.RuleName }).(pulumi.StringOutput)
}

// An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
func (o AutomationRuleOutput) RuleOrder() pulumi.IntOutput {
	return o.ApplyT(func(v *AutomationRule) pulumi.IntOutput { return v.RuleOrder }).(pulumi.IntOutput)
}

// Whether the rule is active after it is created.
func (o AutomationRuleOutput) RuleStatus() pulumi.StringOutput {
	return o.ApplyT(func(v *AutomationRule) pulumi.StringOutput { return v.RuleStatus }).(pulumi.StringOutput)
}

func (o AutomationRuleOutput) Tags() pulumi.StringMapOutput {
	return o.ApplyT(func(v *AutomationRule) pulumi.StringMapOutput { return v.Tags }).(pulumi.StringMapOutput)
}

// Deprecated: Please use `tags` instead.
func (o AutomationRuleOutput) TagsAll() pulumi.StringMapOutput {
	return o.ApplyT(func(v *AutomationRule) pulumi.StringMapOutput { return v.TagsAll }).(pulumi.StringMapOutput)
}

type AutomationRuleArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*AutomationRule)(nil)).Elem()
}

func (o AutomationRuleArrayOutput) ToAutomationRuleArrayOutput() AutomationRuleArrayOutput {
	return o
}

func (o AutomationRuleArrayOutput) ToAutomationRuleArrayOutputWithContext(ctx context.Context) AutomationRuleArrayOutput {
	return o
}

func (o AutomationRuleArrayOutput) Index(i pulumi.IntInput) AutomationRuleOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *AutomationRule {
		return vs[0].([]*AutomationRule)[vs[1].(int)]
	}).(AutomationRuleOutput)
}

type AutomationRuleMapOutput struct{ *pulumi.OutputState }

func (AutomationRuleMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*AutomationRule)(nil)).Elem()
}

func (o AutomationRuleMapOutput) ToAutomationRuleMapOutput() AutomationRuleMapOutput {
	return o
}

func (o AutomationRuleMapOutput) ToAutomationRuleMapOutputWithContext(ctx context.Context) AutomationRuleMapOutput {
	return o
}

func (o AutomationRuleMapOutput) MapIndex(k pulumi.StringInput) AutomationRuleOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *AutomationRule {
		return vs[0].(map[string]*AutomationRule)[vs[1].(string)]
	}).(AutomationRuleOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*AutomationRuleInput)(nil)).Elem(), &AutomationRule{})
	pulumi.RegisterInputType(reflect.TypeOf((*AutomationRuleArrayInput)(nil)).Elem(), AutomationRuleArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*AutomationRuleMapInput)(nil)).Elem(), AutomationRuleMap{})
	pulumi.RegisterOutputType(AutomationRuleOutput{})
	pulumi.RegisterOutputType(AutomationRuleArrayOutput{})
	pulumi.RegisterOutputType(AutomationRuleMapOutput{})
}