Invalid request provided: AWS::GuardDuty::Detector" #30476

Open
huyhoang160593 opened this issue Jun 7, 2024 · 7 comments
Labels
@aws-cdk/custom-resources Related to AWS CDK Custom Resources bug This issue is a bug. effort/small Small work item – less than a day of effort p3

Comments

@huyhoang160593

Describe the bug

I can't build the CDK app with the Detector setting; it always fails no matter which option I throw at it. And the error returned is not clear enough for me to solve the problem.

Expected Behavior

build success

Current Behavior

```
Resource handler returned message: "Invalid request provided: AWS::GuardDuty::Detector" (RequestToken: 386124a9-63b8-fc97-1a1f-df2f79c895c2, HandlerErrorCode: InvalidRequest)
```

Reproduction Steps

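```ts
import { CfnDetector } from 'aws-cdk-lib/aws-guardduty';
// Minimal detector: only `enable` is set (GUARD_DUTY_ID is the reporter's own constant)
const guardDuty = new CfnDetector(this, GUARD_DUTY_ID, {
  enable: true,
});
```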

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.143.0

Framework Version

No response

Node.js Version

20.10.0

OS

Linux

Language

TypeScript

Language Version

Typescript 5.4.5

Other information

No response

@huyhoang160593 huyhoang160593 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 7, 2024
@github-actions github-actions bot added the @aws-cdk/custom-resources Related to AWS CDK Custom Resources label Jun 7, 2024
@huyhoang160593 huyhoang160593 changed the title Resource handler returned message: "Invalid request provided: AWS::GuardDuty::Detector" (RequestToken: 386124a9-63b8-fc97-1a1f-df2f79c895c2, HandlerErrorCode: InvalidRequest)(module name): (short issue description) Invalid request provided: AWS::GuardDuty::Detector" Jun 7, 2024
@pahud
Contributor

pahud commented Jun 7, 2024

This is an L1 construct and is pretty much a 1:1 mapping to the CFN resource.

Are you able to create that with the examples provided in the CFN doc here?

@pahud pahud added p3 effort/small Small work item – less than a day of effort response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Jun 7, 2024
@huyhoang160593
Author

@pahud I'm only using CDK and don't know how to use CFN, but when translated to CDK, the same thing happens and I'm stuck with the errors above.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jun 9, 2024
@beastlyDartfordian

This seems to be pretty inconsistent, as I'm having a similar issue. I managed to get it working for a simple setup like yours no problem, and when I add dataSources it continues to work.

However when I add the "features" section as below I also get an Invalid request provided error:

```ts
const guardDuty = new cdk.aws_guardduty.CfnDetector(this, 'GuardDutyDetector', {
  enable: true,
  findingPublishingFrequency: PublishingFrequency.ONE_HOUR,
  dataSources: {
    kubernetes: {
      auditLogs: {
        enable: true,
      },
    },
    malwareProtection: {
      scanEc2InstanceWithFindings: {
        ebsVolumes: true,
      },
    },
    s3Logs: {
      enable: true,
    },
  },
  features: [
    {
      name: "RUNTIME_MONITORING",
      status: 'ENABLED',
    }
  ],
});
```

@mparmer

mparmer commented Jun 13, 2024

I am also having this problem. I am trying to add features through CloudFormation, and getting the same errors as you guys:

```yaml
  Detector:
    Type: AWS::GuardDuty::Detector
    Properties:
      Enable: True
      FindingPublishingFrequency: ONE_HOUR
      DataSources:
        S3Logs:
          Enable: true
      Features:
      - Name: RUNTIME_MONITORING
        Status: ENABLED
```

```
Resource handler returned message: "Invalid request provided: AWS::GuardDuty::Detector" (RequestToken: xxxx, HandlerErrorCode: InvalidRequest)
```

@mparmer

mparmer commented Jun 13, 2024

Well... This is a contradictory error. I found while digging into CloudTrail that there are some UpdateDetector listings. Looking at those I was able to find this error message: "The request failed because both data sources and features were provided. You can provide only one; it is recommended to use features." I would guess that if you look at your CloudTrail console and find the UpdateDetector entries, you'll find out what the real error messages are.

@MightySepp666

@mparmer thanks for the tip to look into CloudTrail - saved me hours of stupid trial and error 🙏 (as is usually the case with these 🤬 useless generic error messages of CloudFormation...).

Just in case anyone else stumbles across this issue: there are several different reasons for this generic deployment error (like specifying certain combinations of features together or if you provide feature names, that can be returned but are not allowed as input). Of course there's no decent documentation about that. But after filtering for UpdateDetector events in CloudTrail, you can see the actual error message in responseElements and fix these issues one by one.

It would be really great if these checks could already be performed upfront in an L2 construct, as it would tremendously reduce the wasted time of developers.
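The CloudTrail check described in the two comments above, as an added example that is not part of the original thread or of the CDK project: it filters exported CloudTrail records for failed `CreateDetector`/`UpdateDetector` calls and returns the service's own reason for each. The `message` key under `responseElements`, the type and function names, and the sample records are assumptions constructed for illustration.

```typescript
interface TrailRecord { // subset of the CloudTrail record fields used below
  eventTime: string;
  eventSource: string;
  eventName: string;
  errorCode?: string;
  errorMessage?: string;
  requestParameters?: Record<string, unknown> | null;
  responseElements?: Record<string, unknown> | null;
}

interface DetectorFailure {
  eventTime: string;
  eventName: string;
  reason: string;
  requestKeys: string[]; // top-level properties that were sent together
}

const DETECTOR_CALLS = new Set(["CreateDetector", "UpdateDetector"]);

// Failed GuardDuty detector calls, oldest first, with the service's own reason.
function findDetectorFailures(records: TrailRecord[]): DetectorFailure[] {
  const failures: DetectorFailure[] = [];
  for (const r of records) {
    if (r.eventSource !== "guardduty.amazonaws.com" || !DETECTOR_CALLS.has(r.eventName)) continue;
    // Assumption: the reason is under responseElements.message; else use errorMessage/errorCode.
    const fromResponse = r.responseElements?.["message"];
    const reason = typeof fromResponse === "string" ? fromResponse : r.errorMessage ?? r.errorCode;
    if (reason === undefined) continue; // no error recorded: the call succeeded
    const requestKeys = Object.keys(r.requestParameters ?? {}).sort();
    failures.push({ eventTime: r.eventTime, eventName: r.eventName, reason, requestKeys });
  }
  return failures.sort((a, b) => a.eventTime.localeCompare(b.eventTime));
}

// Constructed sample records (not real CloudTrail output); the first message is the one quoted above.
const SAMPLE_RECORDS: TrailRecord[] = [
  { eventTime: "2024-06-13T10:02:00Z", eventSource: "guardduty.amazonaws.com", eventName: "UpdateDetector",
    errorCode: "BadRequestException", requestParameters: { detectorId: "EXAMPLE", dataSources: {}, features: [] },
    responseElements: { message: "The request failed because both data sources and features were provided. You can provide only one; it is recommended to use features." } },
  { eventTime: "2024-06-13T10:03:00Z", eventSource: "guardduty.amazonaws.com", eventName: "UpdateDetector",
    errorCode: "BadRequestException", errorMessage: "constructed fallback message",
    requestParameters: { detectorId: "EXAMPLE", features: [] }, responseElements: null },
  { eventTime: "2024-06-13T10:00:00Z", eventSource: "guardduty.amazonaws.com", eventName: "CreateDetector",
    requestParameters: { enable: true }, responseElements: { detectorId: "EXAMPLE" } },
  { eventTime: "2024-06-13T10:01:00Z", eventSource: "s3.amazonaws.com", eventName: "PutObject",
    errorCode: "AccessDenied", errorMessage: "Access Denied" },
];

for (const f of findDetectorFailures(SAMPLE_RECORDS)) console.log(f.eventTime, f.requestKeys.join("+"), "->", f.reason);
```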

@spensireli

I am having a similar issue when trying to build an L2 construct. It seems the generated L1 construct is not complete. If you look at the documentation for CfnDetector construct and attempt to use the provided example typescript you will receive:

```
Object literal may only specify known properties, and 'kubernetes' does not exist in type 'IResolvable | CFNDataSourceConfigurationsProperty'.ts(2353)
```

Same goes for malware protection and features. If you look at the generated construct guardduty.generated.d.ts code:

```ts
export declare namespace CfnDetector {
    /**
     * @external
     * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html
     */
    interface CFNDataSourceConfigurationsProperty {
        /**
         * `CfnDetector.CFNDataSourceConfigurationsProperty.S3Logs`.
         *
         * @external
         * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-s3logs
         */
        readonly s3Logs?: CfnDetector.CFNS3LogsConfigurationProperty | cdk.IResolvable;
    }
}
```

You can see that it seems to be missing the properties mentioned in the CloudFormation documentation. I could be mistaken, but any guidance would be appreciated.
