VaporShell.GuardDuty.psm1
# PSM1 Contents function Format-Json { [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)] [String] $Json ) Begin { $cleaner = { param([String]$Line) Process{ [Regex]::Replace( $Line, "\\u(?<Value>[a-zA-Z0-9]{4})", { param($m)([char]([int]::Parse( $m.Groups['Value'].Value, [System.Globalization.NumberStyles]::HexNumber ))).ToString() } ) } } } Process { if ($PSVersionTable.PSVersion.Major -lt 6) { try { $indent = 0; $res = $Json -split '\n' | ForEach-Object { if ($_ -match '[\}\]]') { # This line contains ] or }, decrement the indentation level $indent-- } $line = (' ' * $indent * 2) + $_.TrimStart().Replace(': ', ': ') if ($_ -match '[\{\[]') { # This line contains [ or {, increment the indentation level $indent++ } $cleaner.Invoke($line) } $res -join "`n" } catch { ($Json -split '\n' | ForEach-Object {$cleaner.Invoke($_)}) -join "`n" } } else { ($Json -split '\n' | ForEach-Object {$cleaner.Invoke($_)}) -join "`n" } } } function Get-TrueCount { Param ( [parameter(Mandatory = $false,Position = 0,ValueFromPipeline = $true)] $Array ) Process { if ($array) { if ($array.Count) { $count = $array.Count } else { $count = 1 } } else { $count = 0 } } End { return $count } } function New-VSError { <# .SYNOPSIS Error generator function to use in tandem with $PSCmdlet.ThrowTerminatingError() .PARAMETER Result Allows input of an error from AWS SDK, resulting in the Exception message being parsed out. .PARAMETER String Used to create basic String message errors in the same wrapper #> [cmdletbinding(DefaultParameterSetName="Result")] param( [parameter(Position=0,ParameterSetName="Result")] $Result, [parameter(Position=0,ParameterSetName="String")] $String ) switch ($PSCmdlet.ParameterSetName) { Result { $Exception = "$($result.Exception.InnerException.Message)" } String { $Exception = "$String" } } $e = New-Object "System.Exception" $Exception $errorRecord = New-Object 'System.Management.Automation.ErrorRecord' $e, $null, ([System.Management.Automation.ErrorCategory]::InvalidOperation), $null return $errorRecord } function ResolveS3Endpoint { <# .SYNOPSIS Resolves the S3 endpoint most appropriate for each region. #> Param ( [parameter(Mandatory=$true,Position=0)] [ValidateSet("eu-west-2","ap-south-1","us-east-2","sa-east-1","us-west-1","us-west-2","eu-west-1","ap-southeast-2","ca-central-1","ap-northeast-2","us-east-1","eu-central-1","ap-southeast-1","ap-northeast-1")] [String] $Region ) $endpointMap = @{ "us-east-2" = "s3.us-east-2.amazonaws.com" "us-east-1" = "s3.amazonaws.com" "us-west-1" = "s3-us-west-1.amazonaws.com" "us-west-2" = "s3-us-west-2.amazonaws.com" "ca-central-1" = "s3.ca-central-1.amazonaws.com" "ap-south-1" = "s3.ap-south-1.amazonaws.com" "ap-northeast-2" = "s3.ap-northeast-2.amazonaws.com" "ap-southeast-1" = "s3-ap-southeast-1.amazonaws.com" "ap-southeast-2" = "s3-ap-southeast-2.amazonaws.com" "ap-northeast-1" = "s3-ap-northeast-1.amazonaws.com" "eu-central-1" = "s3.eu-central-1.amazonaws.com" "eu-west-1" = "s3-eu-west-1.amazonaws.com" "eu-west-2" = "s3.eu-west-2.amazonaws.com" "sa-east-1" = "s3-sa-east-1.amazonaws.com" } return $endpointMap[$Region] } function Add-VSGuardDutyDetectorCFNDataSourceConfigurations { <# .SYNOPSIS Adds an AWS::GuardDuty::Detector.CFNDataSourceConfigurations resource property to the template. .DESCRIPTION Adds an AWS::GuardDuty::Detector.CFNDataSourceConfigurations resource property to the template. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html .PARAMETER S3Logs Type: CFNS3LogsConfiguration Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-s3logs UpdateType: Mutable .PARAMETER Kubernetes Type: CFNKubernetesConfiguration Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-kubernetes UpdateType: Mutable .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyDetectorCFNDataSourceConfigurations])] [cmdletbinding()] Param( [parameter(Mandatory = $false)] $S3Logs, [parameter(Mandatory = $false)] $Kubernetes ) Process { $obj = [GuardDutyDetectorCFNDataSourceConfigurations]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'Add-VSGuardDutyDetectorCFNDataSourceConfigurations' function Add-VSGuardDutyDetectorCFNKubernetesAuditLogsConfiguration { <# .SYNOPSIS Adds an AWS::GuardDuty::Detector.CFNKubernetesAuditLogsConfiguration resource property to the template. .DESCRIPTION Adds an AWS::GuardDuty::Detector.CFNKubernetesAuditLogsConfiguration resource property to the template. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesauditlogsconfiguration.html .PARAMETER Enable Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesauditlogsconfiguration.html#cfn-guardduty-detector-cfnkubernetesauditlogsconfiguration-enable PrimitiveType: Boolean UpdateType: Mutable .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyDetectorCFNKubernetesAuditLogsConfiguration])] [cmdletbinding()] Param( [parameter(Mandatory = $false)] [object] $Enable ) Process { $obj = [GuardDutyDetectorCFNKubernetesAuditLogsConfiguration]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'Add-VSGuardDutyDetectorCFNKubernetesAuditLogsConfiguration' function Add-VSGuardDutyDetectorCFNKubernetesConfiguration { <# .SYNOPSIS Adds an AWS::GuardDuty::Detector.CFNKubernetesConfiguration resource property to the template. .DESCRIPTION Adds an AWS::GuardDuty::Detector.CFNKubernetesConfiguration resource property to the template. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesconfiguration.html .PARAMETER AuditLogs Type: CFNKubernetesAuditLogsConfiguration Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesconfiguration.html#cfn-guardduty-detector-cfnkubernetesconfiguration-auditlogs UpdateType: Mutable .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyDetectorCFNKubernetesConfiguration])] [cmdletbinding()] Param( [parameter(Mandatory = $false)] $AuditLogs ) Process { $obj = [GuardDutyDetectorCFNKubernetesConfiguration]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'Add-VSGuardDutyDetectorCFNKubernetesConfiguration' function Add-VSGuardDutyDetectorCFNS3LogsConfiguration { <# .SYNOPSIS Adds an AWS::GuardDuty::Detector.CFNS3LogsConfiguration resource property to the template. .DESCRIPTION Adds an AWS::GuardDuty::Detector.CFNS3LogsConfiguration resource property to the template. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfns3logsconfiguration.html .PARAMETER Enable Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfns3logsconfiguration.html#cfn-guardduty-detector-cfns3logsconfiguration-enable PrimitiveType: Boolean UpdateType: Mutable .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyDetectorCFNS3LogsConfiguration])] [cmdletbinding()] Param( [parameter(Mandatory = $false)] [object] $Enable ) Process { $obj = [GuardDutyDetectorCFNS3LogsConfiguration]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'Add-VSGuardDutyDetectorCFNS3LogsConfiguration' function Add-VSGuardDutyFilterCondition { <# .SYNOPSIS Adds an AWS::GuardDuty::Filter.Condition resource property to the template. Specifies the condition to apply to a single field when filtering through GuardDuty findings. .DESCRIPTION Adds an AWS::GuardDuty::Filter.Condition resource property to the template. Specifies the condition to apply to a single field when filtering through GuardDuty findings. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html .PARAMETER Lt Represents the less than condition to apply to a single field when querying for findings. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lt PrimitiveType: Integer UpdateType: Mutable .PARAMETER Gte Represents the greater than or equal condition to apply to a single field when querying for findings. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-gte PrimitiveType: Integer UpdateType: Mutable .PARAMETER Neq Represents the not equal condition to apply to a single field when querying for findings. PrimitiveItemType: String Type: List Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-neq UpdateType: Mutable .PARAMETER Eq Represents the equal condition to apply to a single field when querying for findings. PrimitiveItemType: String Type: List Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-eq UpdateType: Mutable .PARAMETER Lte Represents the less than or equal condition to apply to a single field when querying for findings. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lte PrimitiveType: Integer UpdateType: Mutable .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyFilterCondition])] [cmdletbinding()] Param( [parameter(Mandatory = $false)] [object] $Lt, [parameter(Mandatory = $false)] [object] $Gte, [parameter(Mandatory = $false)] $Neq, [parameter(Mandatory = $false)] $Eq, [parameter(Mandatory = $false)] [object] $Lte ) Process { $obj = [GuardDutyFilterCondition]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'Add-VSGuardDutyFilterCondition' function Add-VSGuardDutyFilterFindingCriteria { <# .SYNOPSIS Adds an AWS::GuardDuty::Filter.FindingCriteria resource property to the template. Represents a map of finding properties that match specified conditions and values when querying findings. .DESCRIPTION Adds an AWS::GuardDuty::Filter.FindingCriteria resource property to the template. Represents a map of finding properties that match specified conditions and values when querying findings. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html .PARAMETER Criterion Represents a map of finding properties that match specified conditions and values when querying findings. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html#cfn-guardduty-filter-findingcriteria-criterion PrimitiveType: Json UpdateType: Mutable .PARAMETER ItemType Specifies the condition to be applied to a single field when filtering through findings. Type: Condition Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html#cfn-guardduty-filter-findingcriteria-itemtype UpdateType: Mutable .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyFilterFindingCriteria])] [cmdletbinding()] Param( [parameter(Mandatory = $false)] [VSJson] $Criterion, [parameter(Mandatory = $false)] $ItemType ) Process { $obj = [GuardDutyFilterFindingCriteria]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'Add-VSGuardDutyFilterFindingCriteria' function New-VSGuardDutyDetector { <# .SYNOPSIS Adds an AWS::GuardDuty::Detector resource to the template. The AWS::GuardDuty::Detector resource specifies a new Amazon GuardDuty detector. A detector is an object that represents the Amazon GuardDuty service. A detector is required for Amazon GuardDuty to become operational. .DESCRIPTION Adds an AWS::GuardDuty::Detector resource to the template. The AWS::GuardDuty::Detector resource specifies a new Amazon GuardDuty detector. A detector is an object that represents the Amazon GuardDuty service. A detector is required for Amazon GuardDuty to become operational. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html .PARAMETER LogicalId The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance. .PARAMETER FindingPublishingFrequency A enumeration value that specifies how frequently finding updates are published. Valid values include: FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS. The default value is SIX_HOURS. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-findingpublishingfrequency PrimitiveType: String UpdateType: Mutable .PARAMETER DataSources Type: CFNDataSourceConfigurations Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-datasources UpdateType: Mutable .PARAMETER Enable Specifies whether or not to enable the detector. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-enable PrimitiveType: Boolean UpdateType: Mutable .PARAMETER DeletionPolicy With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default. To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER UpdateReplacePolicy Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource. For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance. You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources. The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets. Note Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope. UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER DependsOn With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute. This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created. .PARAMETER Metadata The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values. This will be returned when describing the resource using AWS CLI. .PARAMETER UpdatePolicy Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group. You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here. .PARAMETER Condition Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned. .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyDetector])] [cmdletbinding()] Param( [parameter(Mandatory = $true,Position = 0)] [ValidateLogicalId()] [string] $LogicalId, [parameter(Mandatory = $false)] [object] $FindingPublishingFrequency, [parameter(Mandatory = $false)] $DataSources, [parameter(Mandatory = $true)] [object] $Enable, [parameter()] [DeletionPolicy] $DeletionPolicy, [parameter()] [UpdateReplacePolicy] $UpdateReplacePolicy, [parameter(Mandatory = $false)] [string[]] $DependsOn, [parameter(Mandatory = $false)] [VSJson] $Metadata, [parameter(Mandatory = $false)] [UpdatePolicy] $UpdatePolicy, [parameter(Mandatory = $false)] [string] $Condition ) Process { $obj = [GuardDutyDetector]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'New-VSGuardDutyDetector' function New-VSGuardDutyFilter { <# .SYNOPSIS Adds an AWS::GuardDuty::Filter resource to the template. The AWS::GuardDuty::Filter resource specifies a new filter defined by the provided findingCriteria. .DESCRIPTION Adds an AWS::GuardDuty::Filter resource to the template. The AWS::GuardDuty::Filter resource specifies a new filter defined by the provided findingCriteria. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html .PARAMETER LogicalId The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance. .PARAMETER Action Specifies the action that is to be applied to the findings that match the filter. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-action PrimitiveType: String UpdateType: Mutable .PARAMETER Description The description of the filter. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-description PrimitiveType: String UpdateType: Mutable .PARAMETER DetectorId The ID of the detector to associate the Filter with. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-detectorid PrimitiveType: String UpdateType: Immutable .PARAMETER FindingCriteria Represents the criteria to be used in the filter for querying findings. Type: FindingCriteria Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-findingcriteria UpdateType: Mutable .PARAMETER Rank Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-rank PrimitiveType: Integer UpdateType: Mutable .PARAMETER Name The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot ., underscore _, and dash -. Spaces are not allowed. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-name PrimitiveType: String UpdateType: Immutable .PARAMETER DeletionPolicy With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default. To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER UpdateReplacePolicy Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource. For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance. You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources. The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets. Note Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope. UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER DependsOn With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute. This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created. .PARAMETER Metadata The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values. This will be returned when describing the resource using AWS CLI. .PARAMETER UpdatePolicy Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group. You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here. .PARAMETER Condition Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned. .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyFilter])] [cmdletbinding()] Param( [parameter(Mandatory = $true,Position = 0)] [ValidateLogicalId()] [string] $LogicalId, [parameter(Mandatory = $true)] [object] $Action, [parameter(Mandatory = $true)] [object] $Description, [parameter(Mandatory = $true)] [object] $DetectorId, [parameter(Mandatory = $true)] $FindingCriteria, [parameter(Mandatory = $true)] [object] $Rank, [parameter(Mandatory = $true)] [object] $Name, [parameter()] [DeletionPolicy] $DeletionPolicy, [parameter()] [UpdateReplacePolicy] $UpdateReplacePolicy, [parameter(Mandatory = $false)] [string[]] $DependsOn, [parameter(Mandatory = $false)] [VSJson] $Metadata, [parameter(Mandatory = $false)] [UpdatePolicy] $UpdatePolicy, [parameter(Mandatory = $false)] [string] $Condition ) Process { $obj = [GuardDutyFilter]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'New-VSGuardDutyFilter' function New-VSGuardDutyIPSet { <# .SYNOPSIS Adds an AWS::GuardDuty::IPSet resource to the template. The AWS::GuardDuty::IPSet resource specifies a new IPSet. An IPSet is a list of trusted IP addresses from which secure communication is allowed with AWS infrastructure and applications. .DESCRIPTION Adds an AWS::GuardDuty::IPSet resource to the template. The AWS::GuardDuty::IPSet resource specifies a new IPSet. An IPSet is a list of trusted IP addresses from which secure communication is allowed with AWS infrastructure and applications. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html .PARAMETER LogicalId The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance. .PARAMETER Format The format of the file that contains the IPSet. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-format PrimitiveType: String UpdateType: Immutable .PARAMETER Activate Indicated whether or not GuardDuty uses the IPSet. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-activate PrimitiveType: Boolean UpdateType: Mutable .PARAMETER DetectorId The unique ID of the detector for the GuardDuty service to associate the IPSet with. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-detectorid PrimitiveType: String UpdateType: Immutable .PARAMETER Name The name for the IPSet. This name is displayed in all findings that are triggered by activity associated with the IP addresses included in this IPSet. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-name PrimitiveType: String UpdateType: Mutable .PARAMETER Location The URI of the file that contains the IPSet. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-location PrimitiveType: String UpdateType: Mutable .PARAMETER DeletionPolicy With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default. To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER UpdateReplacePolicy Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource. For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance. You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources. The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets. Note Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope. UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER DependsOn With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute. This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created. .PARAMETER Metadata The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values. This will be returned when describing the resource using AWS CLI. .PARAMETER UpdatePolicy Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group. You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here. .PARAMETER Condition Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned. .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyIPSet])] [cmdletbinding()] Param( [parameter(Mandatory = $true,Position = 0)] [ValidateLogicalId()] [string] $LogicalId, [parameter(Mandatory = $true)] [object] $Format, [parameter(Mandatory = $true)] [object] $Activate, [parameter(Mandatory = $true)] [object] $DetectorId, [parameter(Mandatory = $false)] [object] $Name, [parameter(Mandatory = $true)] [object] $Location, [parameter()] [DeletionPolicy] $DeletionPolicy, [parameter()] [UpdateReplacePolicy] $UpdateReplacePolicy, [parameter(Mandatory = $false)] [string[]] $DependsOn, [parameter(Mandatory = $false)] [VSJson] $Metadata, [parameter(Mandatory = $false)] [UpdatePolicy] $UpdatePolicy, [parameter(Mandatory = $false)] [string] $Condition ) Process { $obj = [GuardDutyIPSet]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'New-VSGuardDutyIPSet' function New-VSGuardDutyMaster { <# .SYNOPSIS Adds an AWS::GuardDuty::Master resource to the template. You can use the AWS::GuardDuty::Master resource in a GuardDuty member account to accept an invitation from a GuardDuty master account. The invitation to the member account must be sent prior to using the AWS::GuardDuty::Master resource to accept the master account's invitation. You can invite a member account by using the InviteMembers operation of the Amazon GuardDuty API, or by creating an AWS::GuardDuty::Member resource. .DESCRIPTION Adds an AWS::GuardDuty::Master resource to the template. You can use the AWS::GuardDuty::Master resource in a GuardDuty member account to accept an invitation from a GuardDuty master account. The invitation to the member account must be sent prior to using the AWS::GuardDuty::Master resource to accept the master account's invitation. You can invite a member account by using the InviteMembers operation of the Amazon GuardDuty API, or by creating an AWS::GuardDuty::Member resource. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html .PARAMETER LogicalId The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance. .PARAMETER DetectorId The unique ID of the detector associated with the GuardDuty master account. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-detectorid PrimitiveType: String UpdateType: Immutable .PARAMETER MasterId The AWS account ID of the account designated as the GuardDuty master account. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-masterid PrimitiveType: String UpdateType: Immutable .PARAMETER InvitationId The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by using the ListInvitation action of the GuardDuty API. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-invitationid PrimitiveType: String UpdateType: Immutable .PARAMETER DeletionPolicy With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default. To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER UpdateReplacePolicy Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource. For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance. You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources. The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets. Note Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope. UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER DependsOn With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute. This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created. .PARAMETER Metadata The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values. This will be returned when describing the resource using AWS CLI. .PARAMETER UpdatePolicy Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group. You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here. .PARAMETER Condition Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned. .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyMaster])] [cmdletbinding()] Param( [parameter(Mandatory = $true,Position = 0)] [ValidateLogicalId()] [string] $LogicalId, [parameter(Mandatory = $true)] [object] $DetectorId, [parameter(Mandatory = $true)] [object] $MasterId, [parameter(Mandatory = $false)] [object] $InvitationId, [parameter()] [DeletionPolicy] $DeletionPolicy, [parameter()] [UpdateReplacePolicy] $UpdateReplacePolicy, [parameter(Mandatory = $false)] [string[]] $DependsOn, [parameter(Mandatory = $false)] [VSJson] $Metadata, [parameter(Mandatory = $false)] [UpdatePolicy] $UpdatePolicy, [parameter(Mandatory = $false)] [string] $Condition ) Process { $obj = [GuardDutyMaster]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'New-VSGuardDutyMaster' function New-VSGuardDutyMember { <# .SYNOPSIS Adds an AWS::GuardDuty::Member resource to the template. You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty master account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account. .DESCRIPTION Adds an AWS::GuardDuty::Member resource to the template. You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty master account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html .PARAMETER LogicalId The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance. .PARAMETER Status You can use the Status property to update the status of the relationship between the member account and its master account. Valid values are Created and Invited when using a AWS::GuardDuty::Member resource. If the value for this property is not provided or set to Created, a member account is created but not invited. If the value of this property is set to Invited, a member account is created and invited. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-status PrimitiveType: String UpdateType: Mutable .PARAMETER MemberId The AWS account ID of the account to designate as a member. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-memberid PrimitiveType: String UpdateType: Immutable .PARAMETER Email The email address associated with the member account. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-email PrimitiveType: String UpdateType: Immutable .PARAMETER Message The message to include with the invitation sent to the member accounts. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-message PrimitiveType: String UpdateType: Mutable .PARAMETER DisableEmailNotification Specifies whether or not to disable email notification for the member account that you invite. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-disableemailnotification PrimitiveType: Boolean UpdateType: Mutable .PARAMETER DetectorId The ID of the detector associated with the GuardDuty service to add the member to. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-detectorid PrimitiveType: String UpdateType: Immutable .PARAMETER DeletionPolicy With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default. To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER UpdateReplacePolicy Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource. For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance. You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources. The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets. Note Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope. UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER DependsOn With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute. This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created. .PARAMETER Metadata The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values. This will be returned when describing the resource using AWS CLI. .PARAMETER UpdatePolicy Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group. You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here. .PARAMETER Condition Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned. .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyMember])] [cmdletbinding()] Param( [parameter(Mandatory = $true,Position = 0)] [ValidateLogicalId()] [string] $LogicalId, [parameter(Mandatory = $false)] [object] $Status, [parameter(Mandatory = $true)] [object] $MemberId, [parameter(Mandatory = $true)] [object] $Email, [parameter(Mandatory = $false)] [object] $Message, [parameter(Mandatory = $false)] [object] $DisableEmailNotification, [parameter(Mandatory = $true)] [object] $DetectorId, [parameter()] [DeletionPolicy] $DeletionPolicy, [parameter()] [UpdateReplacePolicy] $UpdateReplacePolicy, [parameter(Mandatory = $false)] [string[]] $DependsOn, [parameter(Mandatory = $false)] [VSJson] $Metadata, [parameter(Mandatory = $false)] [UpdatePolicy] $UpdatePolicy, [parameter(Mandatory = $false)] [string] $Condition ) Process { $obj = [GuardDutyMember]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'New-VSGuardDutyMember' function New-VSGuardDutyThreatIntelSet { <# .SYNOPSIS Adds an AWS::GuardDuty::ThreatIntelSet resource to the template. The AWS::GuardDuty::ThreatIntelSet resource specifies a new ThreatIntelSet. A ThreatIntelSet consists of known malicious IP addresses. GuardDuty generates findings based on the ThreatIntelSet when it is activated. .DESCRIPTION Adds an AWS::GuardDuty::ThreatIntelSet resource to the template. The AWS::GuardDuty::ThreatIntelSet resource specifies a new ThreatIntelSet. A ThreatIntelSet consists of known malicious IP addresses. GuardDuty generates findings based on the ThreatIntelSet when it is activated. .LINK http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html .PARAMETER LogicalId The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance. .PARAMETER Format The format of the file that contains the ThreatIntelSet. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-format PrimitiveType: String UpdateType: Immutable .PARAMETER Activate Specifies whether or not GuardDuty uses the ThreatIntelSet. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-activate PrimitiveType: Boolean UpdateType: Mutable .PARAMETER DetectorId The ID of the detector to associate the ThreatIntelSet with. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-detectorid PrimitiveType: String UpdateType: Immutable .PARAMETER Name A name for the ThreatIntelSet. The name is displayed in all finding generated by activity associated with the IP addresses included in this ThreatIntelSet. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-name PrimitiveType: String UpdateType: Mutable .PARAMETER Location The URI of the file that contains the ThreatIntelSet. Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-location PrimitiveType: String UpdateType: Mutable .PARAMETER DeletionPolicy With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default. To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER UpdateReplacePolicy Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource. For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance. You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources. The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets. Note Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope. UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update. You must use one of the following options: "Delete","Retain","Snapshot" .PARAMETER DependsOn With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute. This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created. .PARAMETER Metadata The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values. This will be returned when describing the resource using AWS CLI. .PARAMETER UpdatePolicy Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group. You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here. .PARAMETER Condition Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned. .FUNCTIONALITY Vaporshell #> [OutputType([GuardDutyThreatIntelSet])] [cmdletbinding()] Param( [parameter(Mandatory = $true,Position = 0)] [ValidateLogicalId()] [string] $LogicalId, [parameter(Mandatory = $true)] [object] $Format, [parameter(Mandatory = $true)] [object] $Activate, [parameter(Mandatory = $true)] [object] $DetectorId, [parameter(Mandatory = $false)] [object] $Name, [parameter(Mandatory = $true)] [object] $Location, [parameter()] [DeletionPolicy] $DeletionPolicy, [parameter()] [UpdateReplacePolicy] $UpdateReplacePolicy, [parameter(Mandatory = $false)] [string[]] $DependsOn, [parameter(Mandatory = $false)] [VSJson] $Metadata, [parameter(Mandatory = $false)] [UpdatePolicy] $UpdatePolicy, [parameter(Mandatory = $false)] [string] $Condition ) Process { $obj = [GuardDutyThreatIntelSet]::new($PSBoundParameters) Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)" Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)" $obj } } Export-ModuleMember -Function 'New-VSGuardDutyThreatIntelSet' |