feat: add rule E3063 to validate GuardDuty Detector property exclusivity (#4364)

* feat: add rule E3063 to validate GuardDuty Detector property exclusivity

Author: JuanHPassos

src/cfnlint/rules/resources/guardduty/DetectorExclusiveProperties.py

@@ -0,0 +1,40 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+from __future__ import annotations
+
+from typing import Any
+
+from cfnlint.jsonschema import ValidationError, ValidationResult, Validator
+from cfnlint.rules.jsonschema.CfnLintJsonSchema import CfnLintJsonSchema
+
+
+class DetectorExclusiveProperties(CfnLintJsonSchema):
+    id = "E3063"
+    shortdesc = "Validate GuardDuty Detector property exclusivity"
+    description = (
+        "The request failed because both DataSources and Features were provided. "
+        "You can provide only one; it is recommended to use Features."
+    )
+    source_url = "https://docs.aws.amazon.com/pt_br/guardduty/latest/ug/guardduty-features-activation-model.html"
+    tags = ["resources", "guardduty"]
+
+    def __init__(self) -> None:
+        super().__init__(
+            keywords=[
+                "Resources/AWS::GuardDuty::Detector/Properties",
+            ],
+            all_matches=True,
+        )
+
+    def validate(
+        self, validator: Validator, _: Any, instance: Any, schema: dict[str, Any]
+    ) -> ValidationResult:
+        if "DataSources" in instance and "Features" in instance:
+            yield ValidationError(
+                "Both 'DataSources' and 'Features' were provided. "
+                "You can provide only one; it is recommended to use 'Features'.",
+                rule=self,
+            )

src/cfnlint/rules/resources/guardduty/__init__.py

@@ -0,0 +1,4 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""

test/unit/rules/resources/guardduty/test_detector_exclusive_properties.py

@@ -0,0 +1,76 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+import pytest
+
+from cfnlint.rules.resources.guardduty.DetectorExclusiveProperties import (
+    DetectorExclusiveProperties,
+)
+
+
+@pytest.fixture(scope="module")
+def rule():
+    rule = DetectorExclusiveProperties()
+    yield rule
+
+
+@pytest.mark.parametrize(
+    "instance,expected_count,expected_message",
+    [
+        # Valid cases - should not trigger the rule
+        (
+            {
+                "Enable": True,
+                "Features": [
+                    {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
+                    {"Name": "RUNTIME_MONITORING", "Status": "ENABLED"},
+                ],
+            },
+            0,
+            None,
+        ),
+        (
+            {"Enable": True, "DataSources": {"S3Logs": {"Enable": True}}},
+            0,
+            None,
+        ),
+        (
+            {
+                "Enable": True,
+            },  # Neither provided (schema validation handles missing properties)
+            0,
+            None,
+        ),
+        (
+            [],
+            0,
+            None,
+        ),
+        # Invalid cases - should trigger the rule
+        (
+            {
+                "Enable": True,
+                "DataSources": {"S3Logs": {"Enable": True}},
+                "Features": [
+                    {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
+                    {"Name": "EBS_MALWARE_PROTECTION", "Status": "ENABLED"},
+                ],
+            },
+            1,
+            (
+                "Both 'DataSources' and 'Features' were provided. "
+                "You can provide only one; it is recommended to use 'Features'."
+            ),
+        ),
+    ],
+)
+def test_validate(instance, expected_count, expected_message, rule, validator):
+    errs = list(rule.validate(validator, "", instance, {}))
+
+    assert len(errs) == expected_count, (
+        f"Expected {expected_count} errors got {len(errs)}"
+    )
+    if expected_message:
+        assert errs[0].message == expected_message