Upload terraform/modules/guardduty/main.tf with huggingface_hub

terraform/modules/guardduty/main.tf

@@ -0,0 +1,47 @@
+# =============================================================================
+# AWS GuardDuty — Threat Detection
+# =============================================================================
+
+resource "aws_guardduty_detector" "this" {
+  enable = true
+
+  datasources {
+    s3_logs {
+      enable = true
+    }
+    kubernetes {
+      audit_logs {
+        enable = true
+      }
+    }
+    malware_protection {
+      scan_ec2_instance_with_findings {
+        ebs_volumes {
+          enable = true
+        }
+      }
+    }
+  }
+
+  finding_publishing_frequency = "FIFTEEN_MINUTES"
+
+  tags = merge(var.tags, {
+    Name = "${var.name}-guardduty"
+  })
+}
+
+# Auto-publish findings to S3 + CloudWatch
+resource "aws_guardduty_publishing_destination" "s3" {
+  detector_id     = aws_guardduty_detector.this.id
+  destination_type = "S3"
+  destination_arn  = var.findings_bucket_arn
+}
+
+# IP set for known malicious IPs
+resource "aws_guardduty_ipset" "threat_intel" {
+  detector_id = aws_guardduty_detector.this.id
+  format      = "TXT"
+  location    = var.threat_intel_ip_set_url
+  name        = "threat-intel-ipset"
+  activate    = true
+}