AWSTemplateFormatVersion: 2010-09-09 Description: Plantilla para crear solucion de notificaciones de GuardDuty Parameters: Correo: Type: AWS::SSM::Parameter::Value Description: Correo electronico para notificacion de eventos de seguridad Default: /seguridad/correo Resources: EventRule: Type: AWS::Events::Rule Properties: Description: Regla de evento CloudWatch para GuardDuty Name: detecta-evento-guardduty State: ENABLED EventPattern: { "source": [ "aws.guardduty" ], "detail-type": [ "GuardDuty Finding" ], "detail": { "severity": [ 4, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5, 5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 6, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 7, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.9 ] } } # # Targets: - Arn: Ref: "GuardDutySNSTopic" Id: "target-id1" GuardDutySNSTopic: Type: "AWS::SNS::Topic" Properties: KmsMasterKeyId: aws/sns Subscription: - Endpoint: !Ref Correo Protocol: "email" TopicName: "GuardDuty-notifications" SnsTopicPolicyEventRule: Type: "AWS::SNS::TopicPolicy" Properties: PolicyDocument: Statement: - Sid: "Permitir a CloudWatch events publicar eventos" Effect: "Allow" Principal: Service: "events.amazonaws.com" Action: "sns:Publish" Resource: Ref: "GuardDutySNSTopic" Topics: - Ref: "GuardDutySNSTopic"