PublishingDestination
Learn how to create, update, and manage AWS GuardDuty PublishingDestinations using Alchemy Cloud Control.
The PublishingDestination resource lets you manage AWS GuardDuty PublishingDestinations for exporting findings to external destinations such as Amazon S3 or AWS Security Hub.
Minimal Example
Section titled “Minimal Example”Create a basic PublishingDestination with required properties and one optional tag.
import AWS from "alchemy/aws/control";
const publishingDestination = await AWS.GuardDuty.PublishingDestination("MyPublishingDestination", {  DetectorId: "abcd1234efgh5678ijkl9012mnop3456qrstuvwx", // Replace with your actual detector ID  DestinationType: "S3",  DestinationProperties: {    BucketArn: "arn:aws:s3:::my-guardduty-findings-bucket",    KmsKeyArn: "arn:aws:kms:us-east-1:123456789012:key/my-kms-key" // Optional, if using KMS  },  Tags: [    {      Key: "Environment",      Value: "Production"    }  ]});Advanced Configuration
Section titled “Advanced Configuration”Configure a PublishingDestination with additional properties including a KMS key for enhanced security.
const securePublishingDestination = await AWS.GuardDuty.PublishingDestination("SecurePublishingDestination", {  DetectorId: "abcd1234efgh5678ijkl9012mnop3456qrstuvwx", // Replace with your actual detector ID  DestinationType: "S3",  DestinationProperties: {    BucketArn: "arn:aws:s3:::my-secure-guardduty-findings-bucket",    KmsKeyArn: "arn:aws:kms:us-west-2:123456789012:key/my-secure-kms-key" // Specify KMS key for encryption  },  Tags: [    {      Key: "Project",      Value: "GuardDuty"    },    {      Key: "Confidentiality",      Value: "High"    }  ]});Adoption of Existing Resource
Section titled “Adoption of Existing Resource”If you want to adopt an existing PublishingDestination without failing, you can set the adopt property to true.
const existingPublishingDestination = await AWS.GuardDuty.PublishingDestination("AdoptExistingDestination", {  DetectorId: "abcd1234efgh5678ijkl9012mnop3456qrstuvwx", // Replace with your actual detector ID  DestinationType: "S3",  DestinationProperties: {    BucketArn: "arn:aws:s3:::my-existing-guardduty-findings-bucket"  },  adopt: true // Adopt existing resource});