Syntax Properties Return values Examples

AWS::Macie::FindingsFilter

The AWS::Macie::FindingsFilter resource specifies a findings filter. In Amazon Macie, a findings filter, also referred to as a filter rule, is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. The criteria can help you identify and focus on findings that have specific characteristics, such as severity, type, or the name of an affected AWS resource. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see Filtering Macie findings in the Amazon Macie User Guide.

An AWS::Macie::Session resource must exist for an AWS account before you can create an AWS::Macie::FindingsFilter resource for the account. Use a DependsOn attribute to ensure that an AWS::Macie::Session resource is created before other Macie resources are created for an account. For example, "DependsOn": "Session".

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::Macie::FindingsFilter",
  "Properties" : {
      "Action" : String,
      "Description" : String,
      "FindingCriteria" : FindingCriteria,
      "Name" : String,
      "Position" : Integer,
      "Tags" : [ Tag, ... ]
    }
}

YAML


Type: AWS::Macie::FindingsFilter
Properties:
  Action: String
  Description: String
  FindingCriteria: 
    FindingCriteria
  Name: String
  Position: Integer
  Tags: 
    - Tag

Properties

Action

The action to perform on findings that match the filter criteria (FindingCriteria). Valid values are:

ARCHIVE - Suppress (automatically archive) the findings.
NOOP - Don't perform any action on the findings.

Required: No

Type: String

Allowed values: ARCHIVE | NOOP

Update requires: No interruption

Description

A custom description of the findings filter. The description can contain 1-512 characters.

Avoid including sensitive data in the description. Users of the account might be able to see the description, depending on the actions that they're allowed to perform in Amazon Macie.

Required: No

Type: String

Update requires: No interruption

FindingCriteria

The criteria to use to filter findings.

Required: Yes

Type: FindingCriteria

Update requires: No interruption

Name

A custom name for the findings filter. The name can contain 3-64 characters.

Avoid including sensitive data in the name. Users of the account might be able to see the name, depending on the actions that they're allowed to perform in Amazon Macie.

Required: Yes

Type: String

Update requires: No interruption

Position

The position of the findings filter in the list of saved filter rules on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to findings.

Required: No

Type: Integer

Update requires: No interruption

Tags

An array of key-value pairs to apply to the findings filter.

For more information, see Resource tag.

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the FindingsFilter. For example, { "Ref": "FindingsFilter" }.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn: The Amazon Resource Name (ARN) of the findings filter.
Id: The unique identifier for the findings filter.

Examples

The following example demonstrates how to declare an AWS::Macie::FindingsFilter resource.

Creating a findings filter that filters by account ID

This example creates a findings filter that suppresses (automatically archives) findings for AWS resources that are owned by a specific account (123456789012).

JSON


{
    "Type": "AWS::Macie::FindingsFilter",
    "DependsOn": "Session",
    "Properties": {
        "Action": "ARCHIVE",
        "Description": "My custom findings filter",
        "FindingCriteria": {
            "Criterion": {
                "accountId": {
                    "eq": [
                        "123456789012"
                    ]
                }
            }
        },
        "Name": "MyFilterName",
        "Position": 1,
        "Tags": [
            {
                "Key": "CostCenter",
                "Value": "CC12345"
            }
        ]

    }
}

YAML


Type: 'AWS::Macie::FindingsFilter'
DependsOn: Session
Properties:
  Action: ARCHIVE
  Description: My custom findings filter
  FindingCriteria:
    Criterion:
      accountId:
        eq:
          - '123456789012'
  Name: MyFilterName
  Position: 1
  Tags:
    - Key: CostCenter
      Value: CC12345

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tag

CriterionAdditionalProperties