Support for GuardDuty Member Detector Features #35625
Welcome @autero1 👋
It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.
Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.
Thanks again, and welcome to the community! 😃
Oh... looks like I should've read this first: #32917
Thank you for your contribution! 🚀 Please note that typically Go dependency changes are handled in this repository by dependabot or the maintainers. This is to prevent pull request merge conflicts and further delay reviews of contributions. Remove any changes to the Additional details:
Output from acc tests after refactor:
Seeing some traction on this issue would be greatly appreciated. I have some accounts where we'd prefer GuardDuty not to inspect the S3 logs, while for others this is needed, and to be able to control it via Terraform would be great.
Happy to finish this up. Don't really know if something is expected of me or is it just queued for approval.
# Conflicts: # internal/service/guardduty/service_endpoints_gen_test.go # names/data/names_data.csv
Description
This PR adds support for configuring AWS GuardDuty Member Detector Features, e.g.
Gotchas
Deleting the resource
When deleted (as many other existing GuardDuty Org features, such as guardduty_organization_configuration_feature), just removes the resource from state without disabling the resource.
Eventual consistency
When you use aws_guardduty_organization_configuration and set auto_enable_organization_members = "ALL" and try to use the resource for configuring member features, you keep hitting this:
This is likely due to eventual consistency with the member accounts. My original test strategy was exactly this, but I just gave up. This definitely has serious implications on the usability as you most likely would use these resources together. Ended up testing with a prepared env where you already have an existing member account.
Random order of additional configuration
I keep hitting an issue where the API returns the additional configuration in random order and you get a perpetual diff - causing test failures and general annoyance 😅 . This is why the tests have some checks disabled atm.
Relations
Closes #26168
References
https://docs.aws.amazon.com/guardduty/latest/APIReference/API_UpdateMemberDetectors.html
Output from Acceptance Testing
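On the "Random order of additional configuration" gotcha in the description above, here is an added example (not code from this PR or from the provider) of comparing a configured feature with what is read back without depending on list order. The `Feature` and `AdditionalConfig` types and the helper names are hypothetical, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
)

// AdditionalConfig and Feature are hypothetical stand-ins for the
// name/status pairs reported for each detector feature.
type AdditionalConfig struct{ Name, Status string }

type Feature struct {
	Name, Status string
	Additional   []AdditionalConfig
}

// normalize returns a copy whose additional configuration is sorted by name,
// so the order the API happened to use no longer affects comparisons.
func normalize(f Feature) Feature {
	out := f
	out.Additional = append([]AdditionalConfig(nil), f.Additional...)
	sort.Slice(out.Additional, func(i, j int) bool {
		return out.Additional[i].Name < out.Additional[j].Name
	})
	return out
}

// sameFeature reports whether two features match once ordering is ignored.
func sameFeature(a, b Feature) bool {
	return reflect.DeepEqual(normalize(a), normalize(b))
}

func main() {
	// Constructed sample: the configured feature, and the same feature as
	// read back with its additional configuration in a different order.
	configured := Feature{"RUNTIME_MONITORING", "ENABLED", []AdditionalConfig{
		{"EKS_ADDON_MANAGEMENT", "ENABLED"},
		{"ECS_FARGATE_AGENT_MANAGEMENT", "DISABLED"},
	}}
	readBack := Feature{"RUNTIME_MONITORING", "ENABLED", []AdditionalConfig{
		{"ECS_FARGATE_AGENT_MANAGEMENT", "DISABLED"},
		{"EKS_ADDON_MANAGEMENT", "ENABLED"},
	}}
	fmt.Println("order-sensitive compare:", reflect.DeepEqual(configured, readBack))
	fmt.Println("normalized compare:", sameFeature(configured, readBack))
}
```

In a Terraform provider schema the same effect is usually obtained by declaring the nested block as a set rather than a list, so that element order is not part of the diff.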