hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: aws_guardduty_detector RDS support #28229

Closed cvlc closed 1 year ago

cvlc commented 1 year ago

Description

Amazon GuardDuty RDS protection is now in feature preview but the Terraform resource does not yet support it.

It would be great if it was supported by the Terraform resource so it could be easily enabled for those using GuardDuty and the most popular IaC tool.

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration

resource "aws_guardduty_detector" "MyDetector" {
  enable = true

  datasources {
    s3_logs {
      enable = true
    }
    rds {
      enable = true
    }
    kubernetes {
      audit_logs {
        enable = false
      }
    }
    malware_protection {
      scan_ec2_instance_with_findings {
        ebs_volumes {
          enable = true
        }
      }
    }
  }
}

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector
https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-guardduty-rds-protection-preview/
https://docs.aws.amazon.com/guardduty/latest/ug/rds-protection.html

Would you like to implement a fix?

None

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

javierbeaumont commented 1 year ago

Please, same enhancement for aws_guardduty_organization_configuration resource.

pippin-wallace commented 1 year ago

Does this need to be out of preview prior to being supported?

theonlysinjin commented 1 year ago

Bumped into this now too.

Is the issue that there is no way to enable it via the API like the others? If I look at the aws api docs it's not listed.

And as part of the GuardDuty docs mentioned above, the RDS page only has a console method to enable it, the others have API examples.

lawliet89 commented 1 year ago

This feature has gone GA: https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-guardduty-rds-protection-aurora-generally-available/

lawliet89 commented 1 year ago

At the time of writing, this option is (still) missing from the API and is not possible to implement: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DataSourceConfigurations.html

ttmh1001 commented 1 year ago

Documentation for the MemberFeaturesConfiguration is now updated for RDS_LOGIN_EVENTS, strangely enough the documentation for DataSourceConfigurations is still missing this? https://docs.aws.amazon.com/guardduty/latest/APIReference/API_MemberFeaturesConfiguration.html

GuardDuty MemberFeaturesConfiguration

Does this mean we will see the Terraform GuardDuty Detector support this soon? https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector

sakojun commented 1 year ago

The use of dataSources is deprecated and the use of features is recommended. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-feature-object-api-changes-march2023.html

Galal-Eltfawy commented 1 year ago

Any plans for adding RDS protection and EKS runtime monitoring?

cookiesowns commented 1 year ago

Bump. Would be great to get the EKS runtime monitoring flags for GuardDuty, as otherwise the EKS GuardDuty addon resource will fail to create in Terraform if you don't already have it enabled.

cyn110 commented 1 year ago

Bump please now that GuardDuty RDS is officially launched.

ewbankkit commented 1 year ago

You will be able to use the upcoming aws_guardduty_detector_feature resource (https://github.com/hashicorp/terraform-provider-aws/pull/31463):

resource "aws_guardduty_detector" "example" {
  enable = true
}

resource "aws_guardduty_detector_feature" "example" {
  detector_id = aws_guardduty_detector.example.id
  name        = "RDS_LOGIN_EVENTS"
  status      = "ENABLED"
}
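Putting the thread's requests together, here is an added configuration (not from the issue or the provider's own docs) that enables a detector and then switches on each protection through the feature-based API, since the datasources block is deprecated. The set of feature names in `local.detector_features` and the provider version pin are assumptions; the feature and additional-configuration names are those accepted by the GuardDuty API.

```hcl
# Added example: detector plus per-feature resources via the "features" API.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.20.0" # first release with aws_guardduty_detector_feature
    }
  }
}

resource "aws_guardduty_detector" "example" {
  enable = true
}

# Which features to manage is an assumption for this example; values are the
# GuardDuty API feature names and the desired status for each.
locals {
  detector_features = {
    S3_DATA_EVENTS         = "ENABLED"
    RDS_LOGIN_EVENTS       = "ENABLED" # RDS protection, the subject of this issue
    EBS_MALWARE_PROTECTION = "ENABLED"
    EKS_AUDIT_LOGS         = "DISABLED"
  }
}

# One aws_guardduty_detector_feature per entry; the detector_id reference
# orders creation after the detector itself.
resource "aws_guardduty_detector_feature" "this" {
  for_each = local.detector_features

  detector_id = aws_guardduty_detector.example.id
  name        = each.key
  status      = each.value
}

# EKS runtime monitoring carries a sub-feature for the GuardDuty EKS add-on;
# enabling it here avoids the add-on creation failure mentioned in the thread.
resource "aws_guardduty_detector_feature" "eks_runtime" {
  detector_id = aws_guardduty_detector.example.id
  name        = "EKS_RUNTIME_MONITORING"
  status      = "ENABLED"

  additional_configuration {
    name   = "EKS_ADDON_MANAGEMENT"
    status = "ENABLED"
  }
}
```

After `terraform apply`, `aws guardduty get-detector --detector-id <id>` lists each feature with its status, which is a quick way to confirm RDS_LOGIN_EVENTS actually reports ENABLED.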

github-actions[bot] commented 1 year ago

This functionality has been released in v5.20.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

github-actions[bot] commented 11 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.