fix: add validation of GuardDuty filter name

This addresses issue #19893.
hashicorp · Sep 24, 2021 · 931f43f · 931f43f
1 parent 0d2146c
commit 931f43f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/aws/resource_aws_guardduty_filter.go b/aws/resource_aws_guardduty_filter.go
@@ -40,7 +40,11 @@ func resourceAwsGuardDutyFilter() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.StringLenBetween(3, 64),
+				validateFunc: validation.All(
+					validation.StringLenBetween(3, 64),
+					validation.StringMatch(regexp.MustCompile(`^[a-zA-Z0-9_.-]+$`),
+						"only alphanumeric characters, hyphens, underscores, and periods are allowed"),
+				)
 			},
 			"description": {
 				Type:         schema.TypeString,

diff --git a/website/docs/r/guardduty_filter.html.markdown b/website/docs/r/guardduty_filter.html.markdown
@@ -49,7 +49,7 @@ resource "aws_guardduty_filter" "MyFilter" {
 The following arguments are supported:
 
 * `detector_id` - (Required) ID of a GuardDuty detector, attached to your account.
-* `name` - (Required) The name of your filter.
+* `name` - (Required) The name of your filter. Names can be between 3 and 64 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).
 * `description` - (Optional) Description of the filter.
 * `rank` - (Required) Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
 * `action` - (Required) Specifies the action that is to be applied to the findings that match the filter. Can be one of `ARCHIVE` or `NOOP`.