VaporShell.GuardDuty.psm1

# PSM1 Contents
function Format-Json {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [String]
        $Json
    )
    Begin {
        $cleaner = {
            param([String]$Line)
            Process{
                [Regex]::Replace(
                    $Line,
                    "\\u(?<Value>[a-zA-Z0-9]{4})",
                    {
                        param($m)([char]([int]::Parse(
                            $m.Groups['Value'].Value,
                            [System.Globalization.NumberStyles]::HexNumber
                        ))).ToString()
                    }
                )
            }
        }
    }
    Process {
        if ($PSVersionTable.PSVersion.Major -lt 6) {
            try {
                $indent = 0;
                $res = $Json -split '\n' | ForEach-Object {
                    if ($_ -match '[\}\]]') {
                        # This line contains ] or }, decrement the indentation level
                        $indent--
                    }
                    $line = (' ' * $indent * 2) + $_.TrimStart().Replace(': ', ': ')
                    if ($_ -match '[\{\[]') {
                        # This line contains [ or {, increment the indentation level
                        $indent++
                    }
                    $cleaner.Invoke($line)
                }
                $res -join "`n"
            }
            catch {
                ($Json -split '\n' | ForEach-Object {$cleaner.Invoke($_)}) -join "`n"
            }
        }
        else {
            ($Json -split '\n' | ForEach-Object {$cleaner.Invoke($_)}) -join "`n"
        }
    }
}

function Get-TrueCount {
    Param
    (
        [parameter(Mandatory = $false,Position = 0,ValueFromPipeline = $true)]
        $Array
    )
    Process {
        if ($array) {
            if ($array.Count) {
                $count = $array.Count
            }
            else {
                $count = 1
            }
        }
        else {
            $count = 0
        }
    }
    End {
        return $count
    }
}

function New-VSError {
    <#
    .SYNOPSIS
    Error generator function to use in tandem with $PSCmdlet.ThrowTerminatingError()
    
    .PARAMETER Result
    Allows input of an error from AWS SDK, resulting in the Exception message being parsed out.
    
    .PARAMETER String
    Used to create basic String message errors in the same wrapper
    #>

    [cmdletbinding(DefaultParameterSetName="Result")]
    param(
        [parameter(Position=0,ParameterSetName="Result")]
        $Result,
        [parameter(Position=0,ParameterSetName="String")]
        $String
    )
    switch ($PSCmdlet.ParameterSetName) {
        Result { $Exception = "$($result.Exception.InnerException.Message)" }
        String { $Exception = "$String" }
    }
    $e = New-Object "System.Exception" $Exception
    $errorRecord = New-Object 'System.Management.Automation.ErrorRecord' $e, $null, ([System.Management.Automation.ErrorCategory]::InvalidOperation), $null
    return $errorRecord
}

function ResolveS3Endpoint {
    <#
    .SYNOPSIS
    Resolves the S3 endpoint most appropriate for each region.
    #>

    Param
    (
      [parameter(Mandatory=$true,Position=0)]
      [ValidateSet("eu-west-2","ap-south-1","us-east-2","sa-east-1","us-west-1","us-west-2","eu-west-1","ap-southeast-2","ca-central-1","ap-northeast-2","us-east-1","eu-central-1","ap-southeast-1","ap-northeast-1")]
      [String]
      $Region
    )
    $endpointMap = @{
        "us-east-2" = "s3.us-east-2.amazonaws.com"
        "us-east-1" = "s3.amazonaws.com"
        "us-west-1" = "s3-us-west-1.amazonaws.com"
        "us-west-2" = "s3-us-west-2.amazonaws.com"
        "ca-central-1" = "s3.ca-central-1.amazonaws.com"
        "ap-south-1" = "s3.ap-south-1.amazonaws.com"
        "ap-northeast-2" = "s3.ap-northeast-2.amazonaws.com"
        "ap-southeast-1" = "s3-ap-southeast-1.amazonaws.com"
        "ap-southeast-2" = "s3-ap-southeast-2.amazonaws.com"
        "ap-northeast-1" = "s3-ap-northeast-1.amazonaws.com"
        "eu-central-1" = "s3.eu-central-1.amazonaws.com"
        "eu-west-1" = "s3-eu-west-1.amazonaws.com"
        "eu-west-2" = "s3.eu-west-2.amazonaws.com"
        "sa-east-1" = "s3-sa-east-1.amazonaws.com"
    }
    return $endpointMap[$Region]
}

function Add-VSGuardDutyDetectorCFNDataSourceConfigurations {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Detector.CFNDataSourceConfigurations resource property to the template.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Detector.CFNDataSourceConfigurations resource property to the template.


    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html

    .PARAMETER S3Logs
        Type: CFNS3LogsConfiguration
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-s3logs
        UpdateType: Mutable

    .PARAMETER Kubernetes
        Type: CFNKubernetesConfiguration
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-kubernetes
        UpdateType: Mutable

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyDetectorCFNDataSourceConfigurations])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $false)]
        $S3Logs,
        [parameter(Mandatory = $false)]
        $Kubernetes
    )
    Process {
        $obj = [GuardDutyDetectorCFNDataSourceConfigurations]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'Add-VSGuardDutyDetectorCFNDataSourceConfigurations'

function Add-VSGuardDutyDetectorCFNKubernetesAuditLogsConfiguration {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Detector.CFNKubernetesAuditLogsConfiguration resource property to the template.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Detector.CFNKubernetesAuditLogsConfiguration resource property to the template.


    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesauditlogsconfiguration.html

    .PARAMETER Enable
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesauditlogsconfiguration.html#cfn-guardduty-detector-cfnkubernetesauditlogsconfiguration-enable
        PrimitiveType: Boolean
        UpdateType: Mutable

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyDetectorCFNKubernetesAuditLogsConfiguration])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $false)]
        [object]
        $Enable
    )
    Process {
        $obj = [GuardDutyDetectorCFNKubernetesAuditLogsConfiguration]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'Add-VSGuardDutyDetectorCFNKubernetesAuditLogsConfiguration'

function Add-VSGuardDutyDetectorCFNKubernetesConfiguration {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Detector.CFNKubernetesConfiguration resource property to the template.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Detector.CFNKubernetesConfiguration resource property to the template.


    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesconfiguration.html

    .PARAMETER AuditLogs
        Type: CFNKubernetesAuditLogsConfiguration
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesconfiguration.html#cfn-guardduty-detector-cfnkubernetesconfiguration-auditlogs
        UpdateType: Mutable

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyDetectorCFNKubernetesConfiguration])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $false)]
        $AuditLogs
    )
    Process {
        $obj = [GuardDutyDetectorCFNKubernetesConfiguration]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'Add-VSGuardDutyDetectorCFNKubernetesConfiguration'

function Add-VSGuardDutyDetectorCFNS3LogsConfiguration {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Detector.CFNS3LogsConfiguration resource property to the template.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Detector.CFNS3LogsConfiguration resource property to the template.


    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfns3logsconfiguration.html

    .PARAMETER Enable
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfns3logsconfiguration.html#cfn-guardduty-detector-cfns3logsconfiguration-enable
        PrimitiveType: Boolean
        UpdateType: Mutable

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyDetectorCFNS3LogsConfiguration])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $false)]
        [object]
        $Enable
    )
    Process {
        $obj = [GuardDutyDetectorCFNS3LogsConfiguration]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'Add-VSGuardDutyDetectorCFNS3LogsConfiguration'

function Add-VSGuardDutyFilterCondition {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Filter.Condition resource property to the template. Specifies the condition to apply to a single field when filtering through GuardDuty findings.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Filter.Condition resource property to the template.
Specifies the condition to apply to a single field when filtering through GuardDuty findings.

    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html

    .PARAMETER Lt
        Represents the less than condition to apply to a single field when querying for findings.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lt
        PrimitiveType: Integer
        UpdateType: Mutable

    .PARAMETER Gte
        Represents the greater than or equal condition to apply to a single field when querying for findings.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-gte
        PrimitiveType: Integer
        UpdateType: Mutable

    .PARAMETER Neq
        Represents the not equal condition to apply to a single field when querying for findings.

        PrimitiveItemType: String
        Type: List
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-neq
        UpdateType: Mutable

    .PARAMETER Eq
        Represents the equal condition to apply to a single field when querying for findings.

        PrimitiveItemType: String
        Type: List
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-eq
        UpdateType: Mutable

    .PARAMETER Lte
        Represents the less than or equal condition to apply to a single field when querying for findings.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lte
        PrimitiveType: Integer
        UpdateType: Mutable

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyFilterCondition])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $false)]
        [object]
        $Lt,
        [parameter(Mandatory = $false)]
        [object]
        $Gte,
        [parameter(Mandatory = $false)]
        $Neq,
        [parameter(Mandatory = $false)]
        $Eq,
        [parameter(Mandatory = $false)]
        [object]
        $Lte
    )
    Process {
        $obj = [GuardDutyFilterCondition]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'Add-VSGuardDutyFilterCondition'

function Add-VSGuardDutyFilterFindingCriteria {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Filter.FindingCriteria resource property to the template. Represents a map of finding properties that match specified conditions and values when querying findings.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Filter.FindingCriteria resource property to the template.
Represents a map of finding properties that match specified conditions and values when querying findings.

    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html

    .PARAMETER Criterion
        Represents a map of finding properties that match specified conditions and values when querying findings.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html#cfn-guardduty-filter-findingcriteria-criterion
        PrimitiveType: Json
        UpdateType: Mutable

    .PARAMETER ItemType
        Specifies the condition to be applied to a single field when filtering through findings.

        Type: Condition
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html#cfn-guardduty-filter-findingcriteria-itemtype
        UpdateType: Mutable

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyFilterFindingCriteria])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $false)]
        [VSJson]
        $Criterion,
        [parameter(Mandatory = $false)]
        $ItemType
    )
    Process {
        $obj = [GuardDutyFilterFindingCriteria]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'Add-VSGuardDutyFilterFindingCriteria'

function New-VSGuardDutyDetector {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Detector resource to the template. The AWS::GuardDuty::Detector resource specifies a new Amazon GuardDuty detector. A detector is an object that represents the Amazon GuardDuty service. A detector is required for Amazon GuardDuty to become operational.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Detector resource to the template. The AWS::GuardDuty::Detector resource specifies a new Amazon GuardDuty detector. A detector is an object that represents the Amazon GuardDuty service. A detector is required for Amazon GuardDuty to become operational.

    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html

    .PARAMETER LogicalId
        The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance.

    .PARAMETER FindingPublishingFrequency
        A enumeration value that specifies how frequently finding updates are published. Valid values include: FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS. The default value is SIX_HOURS.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-findingpublishingfrequency
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER DataSources
        Type: CFNDataSourceConfigurations
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-datasources
        UpdateType: Mutable

    .PARAMETER Enable
        Specifies whether or not to enable the detector.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-enable
        PrimitiveType: Boolean
        UpdateType: Mutable

    .PARAMETER DeletionPolicy
        With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.

        To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER UpdateReplacePolicy
        Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation.

        When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource.

        For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance.

        You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources.

        The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets.

        Note
        Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope.

        UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER DependsOn
        With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

        This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created.


    .PARAMETER Metadata
        The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values.

        This will be returned when describing the resource using AWS CLI.


    .PARAMETER UpdatePolicy
        Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group.

        You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here.
    .PARAMETER Condition
        Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned.

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyDetector])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $true,Position = 0)]
        [ValidateLogicalId()]
        [string]
        $LogicalId,
        [parameter(Mandatory = $false)]
        [object]
        $FindingPublishingFrequency,
        [parameter(Mandatory = $false)]
        $DataSources,
        [parameter(Mandatory = $true)]
        [object]
        $Enable,
        [parameter()]
        [DeletionPolicy]
        $DeletionPolicy,
        [parameter()]
        [UpdateReplacePolicy]
        $UpdateReplacePolicy,
        [parameter(Mandatory = $false)]
        [string[]]
        $DependsOn,
        [parameter(Mandatory = $false)]
        [VSJson]
        $Metadata,
        [parameter(Mandatory = $false)]
        [UpdatePolicy]
        $UpdatePolicy,
        [parameter(Mandatory = $false)]
        [string]
        $Condition
    )
    Process {
        $obj = [GuardDutyDetector]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'New-VSGuardDutyDetector'

function New-VSGuardDutyFilter {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Filter resource to the template. The AWS::GuardDuty::Filter resource specifies a new filter defined by the provided findingCriteria.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Filter resource to the template. The AWS::GuardDuty::Filter resource specifies a new filter defined by the provided findingCriteria.

    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html

    .PARAMETER LogicalId
        The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance.

    .PARAMETER Action
        Specifies the action that is to be applied to the findings that match the filter.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-action
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER Description
        The description of the filter.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-description
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER DetectorId
        The ID of the detector to associate the Filter with.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-detectorid
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER FindingCriteria
        Represents the criteria to be used in the filter for querying findings.

        Type: FindingCriteria
        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-findingcriteria
        UpdateType: Mutable

    .PARAMETER Rank
        Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-rank
        PrimitiveType: Integer
        UpdateType: Mutable

    .PARAMETER Name
        The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot ., underscore _, and dash -. Spaces are not allowed.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-name
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER DeletionPolicy
        With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.

        To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER UpdateReplacePolicy
        Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation.

        When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource.

        For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance.

        You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources.

        The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets.

        Note
        Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope.

        UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER DependsOn
        With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

        This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created.


    .PARAMETER Metadata
        The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values.

        This will be returned when describing the resource using AWS CLI.


    .PARAMETER UpdatePolicy
        Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group.

        You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here.
    .PARAMETER Condition
        Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned.

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyFilter])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $true,Position = 0)]
        [ValidateLogicalId()]
        [string]
        $LogicalId,
        [parameter(Mandatory = $true)]
        [object]
        $Action,
        [parameter(Mandatory = $true)]
        [object]
        $Description,
        [parameter(Mandatory = $true)]
        [object]
        $DetectorId,
        [parameter(Mandatory = $true)]
        $FindingCriteria,
        [parameter(Mandatory = $true)]
        [object]
        $Rank,
        [parameter(Mandatory = $true)]
        [object]
        $Name,
        [parameter()]
        [DeletionPolicy]
        $DeletionPolicy,
        [parameter()]
        [UpdateReplacePolicy]
        $UpdateReplacePolicy,
        [parameter(Mandatory = $false)]
        [string[]]
        $DependsOn,
        [parameter(Mandatory = $false)]
        [VSJson]
        $Metadata,
        [parameter(Mandatory = $false)]
        [UpdatePolicy]
        $UpdatePolicy,
        [parameter(Mandatory = $false)]
        [string]
        $Condition
    )
    Process {
        $obj = [GuardDutyFilter]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'New-VSGuardDutyFilter'

function New-VSGuardDutyIPSet {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::IPSet resource to the template. The AWS::GuardDuty::IPSet resource specifies a new IPSet. An IPSet is a list of trusted IP addresses from which secure communication is allowed with AWS infrastructure and applications.

    .DESCRIPTION
        Adds an AWS::GuardDuty::IPSet resource to the template. The AWS::GuardDuty::IPSet resource specifies a new IPSet. An IPSet is a list of trusted IP addresses from which secure communication is allowed with AWS infrastructure and applications.

    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html

    .PARAMETER LogicalId
        The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance.

    .PARAMETER Format
        The format of the file that contains the IPSet.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-format
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER Activate
        Indicated whether or not GuardDuty uses the IPSet.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-activate
        PrimitiveType: Boolean
        UpdateType: Mutable

    .PARAMETER DetectorId
        The unique ID of the detector for the GuardDuty service to associate the IPSet with.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-detectorid
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER Name
        The name for the IPSet. This name is displayed in all findings that are triggered by activity associated with the IP addresses included in this IPSet.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-name
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER Location
        The URI of the file that contains the IPSet.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-location
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER DeletionPolicy
        With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.

        To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER UpdateReplacePolicy
        Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation.

        When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource.

        For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance.

        You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources.

        The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets.

        Note
        Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope.

        UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER DependsOn
        With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

        This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created.


    .PARAMETER Metadata
        The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values.

        This will be returned when describing the resource using AWS CLI.


    .PARAMETER UpdatePolicy
        Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group.

        You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here.
    .PARAMETER Condition
        Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned.

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyIPSet])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $true,Position = 0)]
        [ValidateLogicalId()]
        [string]
        $LogicalId,
        [parameter(Mandatory = $true)]
        [object]
        $Format,
        [parameter(Mandatory = $true)]
        [object]
        $Activate,
        [parameter(Mandatory = $true)]
        [object]
        $DetectorId,
        [parameter(Mandatory = $false)]
        [object]
        $Name,
        [parameter(Mandatory = $true)]
        [object]
        $Location,
        [parameter()]
        [DeletionPolicy]
        $DeletionPolicy,
        [parameter()]
        [UpdateReplacePolicy]
        $UpdateReplacePolicy,
        [parameter(Mandatory = $false)]
        [string[]]
        $DependsOn,
        [parameter(Mandatory = $false)]
        [VSJson]
        $Metadata,
        [parameter(Mandatory = $false)]
        [UpdatePolicy]
        $UpdatePolicy,
        [parameter(Mandatory = $false)]
        [string]
        $Condition
    )
    Process {
        $obj = [GuardDutyIPSet]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'New-VSGuardDutyIPSet'

function New-VSGuardDutyMaster {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Master resource to the template. You can use the AWS::GuardDuty::Master resource in a GuardDuty member account to accept an invitation from a GuardDuty master account. The invitation to the member account must be sent prior to using the AWS::GuardDuty::Master resource to accept the master account's invitation. You can invite a member account by using the InviteMembers operation of the Amazon GuardDuty API, or by creating an AWS::GuardDuty::Member resource.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Master resource to the template. You can use the AWS::GuardDuty::Master resource in a GuardDuty member account to accept an invitation from a GuardDuty master account. The invitation to the member account must be sent prior to using the AWS::GuardDuty::Master resource to accept the master account's invitation. You can invite a member account by using the InviteMembers operation of the Amazon GuardDuty API, or by creating an AWS::GuardDuty::Member resource.

    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html

    .PARAMETER LogicalId
        The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance.

    .PARAMETER DetectorId
        The unique ID of the detector associated with the GuardDuty master account.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-detectorid
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER MasterId
        The AWS account ID of the account designated as the GuardDuty master account.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-masterid
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER InvitationId
        The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by using the ListInvitation action of the GuardDuty API.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-invitationid
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER DeletionPolicy
        With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.

        To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER UpdateReplacePolicy
        Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation.

        When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource.

        For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance.

        You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources.

        The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets.

        Note
        Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope.

        UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER DependsOn
        With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

        This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created.


    .PARAMETER Metadata
        The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values.

        This will be returned when describing the resource using AWS CLI.


    .PARAMETER UpdatePolicy
        Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group.

        You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here.
    .PARAMETER Condition
        Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned.

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyMaster])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $true,Position = 0)]
        [ValidateLogicalId()]
        [string]
        $LogicalId,
        [parameter(Mandatory = $true)]
        [object]
        $DetectorId,
        [parameter(Mandatory = $true)]
        [object]
        $MasterId,
        [parameter(Mandatory = $false)]
        [object]
        $InvitationId,
        [parameter()]
        [DeletionPolicy]
        $DeletionPolicy,
        [parameter()]
        [UpdateReplacePolicy]
        $UpdateReplacePolicy,
        [parameter(Mandatory = $false)]
        [string[]]
        $DependsOn,
        [parameter(Mandatory = $false)]
        [VSJson]
        $Metadata,
        [parameter(Mandatory = $false)]
        [UpdatePolicy]
        $UpdatePolicy,
        [parameter(Mandatory = $false)]
        [string]
        $Condition
    )
    Process {
        $obj = [GuardDutyMaster]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'New-VSGuardDutyMaster'

function New-VSGuardDutyMember {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::Member resource to the template. You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty master account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.

    .DESCRIPTION
        Adds an AWS::GuardDuty::Member resource to the template. You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty master account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.

    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html

    .PARAMETER LogicalId
        The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance.

    .PARAMETER Status
        You can use the Status property to update the status of the relationship between the member account and its master account. Valid values are Created and Invited when using a AWS::GuardDuty::Member resource. If the value for this property is not provided or set to Created, a member account is created but not invited. If the value of this property is set to Invited, a member account is created and invited.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-status
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER MemberId
        The AWS account ID of the account to designate as a member.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-memberid
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER Email
        The email address associated with the member account.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-email
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER Message
        The message to include with the invitation sent to the member accounts.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-message
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER DisableEmailNotification
        Specifies whether or not to disable email notification for the member account that you invite.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-disableemailnotification
        PrimitiveType: Boolean
        UpdateType: Mutable

    .PARAMETER DetectorId
        The ID of the detector associated with the GuardDuty service to add the member to.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-detectorid
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER DeletionPolicy
        With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.

        To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER UpdateReplacePolicy
        Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation.

        When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource.

        For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance.

        You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources.

        The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets.

        Note
        Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope.

        UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER DependsOn
        With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

        This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created.


    .PARAMETER Metadata
        The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values.

        This will be returned when describing the resource using AWS CLI.


    .PARAMETER UpdatePolicy
        Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group.

        You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here.
    .PARAMETER Condition
        Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned.

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyMember])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $true,Position = 0)]
        [ValidateLogicalId()]
        [string]
        $LogicalId,
        [parameter(Mandatory = $false)]
        [object]
        $Status,
        [parameter(Mandatory = $true)]
        [object]
        $MemberId,
        [parameter(Mandatory = $true)]
        [object]
        $Email,
        [parameter(Mandatory = $false)]
        [object]
        $Message,
        [parameter(Mandatory = $false)]
        [object]
        $DisableEmailNotification,
        [parameter(Mandatory = $true)]
        [object]
        $DetectorId,
        [parameter()]
        [DeletionPolicy]
        $DeletionPolicy,
        [parameter()]
        [UpdateReplacePolicy]
        $UpdateReplacePolicy,
        [parameter(Mandatory = $false)]
        [string[]]
        $DependsOn,
        [parameter(Mandatory = $false)]
        [VSJson]
        $Metadata,
        [parameter(Mandatory = $false)]
        [UpdatePolicy]
        $UpdatePolicy,
        [parameter(Mandatory = $false)]
        [string]
        $Condition
    )
    Process {
        $obj = [GuardDutyMember]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'New-VSGuardDutyMember'

function New-VSGuardDutyThreatIntelSet {
    <#
    .SYNOPSIS
        Adds an AWS::GuardDuty::ThreatIntelSet resource to the template. The AWS::GuardDuty::ThreatIntelSet resource specifies a new ThreatIntelSet. A ThreatIntelSet consists of known malicious IP addresses. GuardDuty generates findings based on the ThreatIntelSet when it is activated.

    .DESCRIPTION
        Adds an AWS::GuardDuty::ThreatIntelSet resource to the template. The AWS::GuardDuty::ThreatIntelSet resource specifies a new ThreatIntelSet. A ThreatIntelSet consists of known malicious IP addresses. GuardDuty generates findings based on the ThreatIntelSet when it is activated.

    .LINK
        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html

    .PARAMETER LogicalId
        The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template. Use the logical name to reference the resource in other parts of the template. For example, if you want to map an Amazon Elastic Block Store volume to an Amazon EC2 instance, you reference the logical IDs to associate the block stores with the instance.

    .PARAMETER Format
        The format of the file that contains the ThreatIntelSet.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-format
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER Activate
        Specifies whether or not GuardDuty uses the ThreatIntelSet.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-activate
        PrimitiveType: Boolean
        UpdateType: Mutable

    .PARAMETER DetectorId
        The ID of the detector to associate the ThreatIntelSet with.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-detectorid
        PrimitiveType: String
        UpdateType: Immutable

    .PARAMETER Name
        A name for the ThreatIntelSet. The name is displayed in all finding generated by activity associated with the IP addresses included in this ThreatIntelSet.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-name
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER Location
        The URI of the file that contains the ThreatIntelSet.

        Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-location
        PrimitiveType: String
        UpdateType: Mutable

    .PARAMETER DeletionPolicy
        With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default.

        To keep a resource when its stack is deleted, specify Retain for that resource. You can use retain for any resource. For example, you can retain a nested stack, S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER UpdateReplacePolicy
        Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation.

        When you initiate a stack update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template and parameters. If you update a resource property that requires that the resource be replaced, AWS CloudFormation recreates the resource during the update. Recreating the resource generates a new physical ID. AWS CloudFormation creates the replacement resource first, and then changes references from other dependent resources to point to the replacement resource. By default, AWS CloudFormation then deletes the old resource. Using the UpdateReplacePolicy, you can specify that AWS CloudFormation retain or (in some cases) create a snapshot of the old resource.

        For resources that support snapshots, such as AWS::EC2::Volume, specify Snapshot to have AWS CloudFormation create a snapshot before deleting the old resource instance.

        You can apply the UpdateReplacePolicy attribute to any resource. UpdateReplacePolicy is only executed if you update a resource property whose update behavior is specified as Replacement, thereby causing AWS CloudFormation to replace the old resource with a new one with a new physical ID. For example, if you update the Engine property of an AWS::RDS::DBInstance resource type, AWS CloudFormation creates a new resource and replaces the current DB instance resource with the new one. The UpdateReplacePolicy attribute would then dictate whether AWS CloudFormation deleted, retained, or created a snapshot of the old DB instance. The update behavior for each property of a resource is specified in the reference topic for that resource in the AWS Resource and Property Types Reference. For more information on resource update behavior, see Update Behaviors of Stack Resources.

        The UpdateReplacePolicy attribute applies to stack updates you perform directly, as well as stack updates performed using change sets.

        Note
        Resources that are retained continue to exist and continue to incur applicable charges until you delete those resources. Snapshots that are created with this policy continue to exist and continue to incur applicable charges until you delete those snapshots. UpdateReplacePolicy retains the old physical resource or snapshot, but removes it from AWS CloudFormation's scope.

        UpdateReplacePolicy differs from the DeletionPolicy attribute in that it only applies to resources replaced during stack updates. Use DeletionPolicy for resources deleted when a stack is deleted, or when the resource definition itself is deleted from the template as part of a stack update.

        You must use one of the following options: "Delete","Retain","Snapshot"

    .PARAMETER DependsOn
        With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.

        This parameter takes a string or list of strings representing Logical IDs of resources that must be created prior to this resource being created.


    .PARAMETER Metadata
        The Metadata attribute enables you to associate structured data with a resource. By adding a Metadata attribute to a resource, you can add data in JSON or YAML to the resource declaration. In addition, you can use intrinsic functions (such as GetAtt and Ref), parameters, and pseudo parameters within the Metadata attribute to add those interpreted values.

        This will be returned when describing the resource using AWS CLI.


    .PARAMETER UpdatePolicy
        Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup resource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a scheduled action is associated with the Auto Scaling group.

        You must use the "Add-UpdatePolicy" function or the [UpdatePolicy] class here.
    .PARAMETER Condition
        Logical ID of the condition that this resource needs to be true in order for this resource to be provisioned.

    .FUNCTIONALITY
        Vaporshell
    #>

    [OutputType([GuardDutyThreatIntelSet])]
    [cmdletbinding()]
    Param(
        [parameter(Mandatory = $true,Position = 0)]
        [ValidateLogicalId()]
        [string]
        $LogicalId,
        [parameter(Mandatory = $true)]
        [object]
        $Format,
        [parameter(Mandatory = $true)]
        [object]
        $Activate,
        [parameter(Mandatory = $true)]
        [object]
        $DetectorId,
        [parameter(Mandatory = $false)]
        [object]
        $Name,
        [parameter(Mandatory = $true)]
        [object]
        $Location,
        [parameter()]
        [DeletionPolicy]
        $DeletionPolicy,
        [parameter()]
        [UpdateReplacePolicy]
        $UpdateReplacePolicy,
        [parameter(Mandatory = $false)]
        [string[]]
        $DependsOn,
        [parameter(Mandatory = $false)]
        [VSJson]
        $Metadata,
        [parameter(Mandatory = $false)]
        [UpdatePolicy]
        $UpdatePolicy,
        [parameter(Mandatory = $false)]
        [string]
        $Condition
    )
    Process {
        $obj = [GuardDutyThreatIntelSet]::new($PSBoundParameters)
        Write-Debug "$($MyInvocation.MyCommand) PSBoundParameters:`n$($PSBoundParameters | ConvertTo-Json -Depth 20 | Format-Json)"
        Write-Verbose "Resulting object from $($MyInvocation.MyCommand): `n$($obj.ToJson() | Format-Json)"
        $obj
    }
}

Export-ModuleMember -Function 'New-VSGuardDutyThreatIntelSet'