After Enabling S3 Malware Protection

Overview

The following are steps to complete after enabling S3 Malware Protection on a protected bucket.

Steps

  1. Add Tag-Based Access Control (TBAC) Policy:

    • If you enabled tagging, set up a TBAC policy for the S3 bucket to control access to potentially malicious objects.

  2. Monitor Malware Protection Plan Status:

    • Track the Status column in the GuardDuty console for each protected bucket to ensure the plan is active.

  3. Upload Objects to the Protected Bucket:

    • Use the Amazon S3 console to upload files to the bucket or specific object prefixes covered by Malware Protection.

  4. Monitor S3 Object Scan Status and Results:

    • If GuardDuty is enabled:

      • Malware findings may be generated to indicate the presence of malicious content.

      • Use tools like EventBridge, CloudWatch metrics, and S3 object tags to monitor scan results.

    • If Malware Protection is enabled without GuardDuty:

      • Use the same monitoring options—EventBridge, CloudWatch metrics, and S3 object tags—to track scan outcomes and ensure the health of uploaded objects.
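The TBAC policy from step 1 and the object-tag monitoring from step 4 fit together: GuardDuty writes a scan-status tag on each object, and the bucket policy keys on that tag. The following Python is an added example, not code from the page or from AWS; it builds such a bucket policy and mirrors its read rule in a small check. The tag key `GuardDutyMalwareScanStatus` and the value `NO_THREATS_FOUND` are assumed from AWS documentation (the page does not name them), and the scanner role ARN is a placeholder.

```python
"""Added example: tag-based access control (TBAC) bucket policy for a bucket
protected by GuardDuty Malware Protection for S3, plus a mirror of its read rule."""
import json

# Tag key/value written by the scanner (assumed from AWS docs, not from the page).
SCAN_TAG = "GuardDutyMalwareScanStatus"
CLEAN_VALUE = "NO_THREATS_FOUND"


def build_tbac_policy(bucket: str, scanner_role_arn: str) -> dict:
    """Return a bucket policy document with two Deny statements.

    1. GetObject is denied unless the object carries the tag NO_THREATS_FOUND.
       StringNotEquals on a missing key evaluates to true, so objects that have
       not been scanned yet are denied as well, not silently released.
    2. Only the scanner role may add or remove object tags, so a caller cannot
       re-tag a flagged object to bypass rule 1. Scope this narrower if your
       uploaders legitimately set their own object tags.
    """
    objects = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyReadUnlessScannedClean",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": objects,
                "Condition": {
                    "StringNotEquals": {f"s3:ExistingObjectTag/{SCAN_TAG}": CLEAN_VALUE}
                },
            },
            {
                "Sid": "DenyScanTagChangesByOthers",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ["s3:PutObjectTagging", "s3:DeleteObjectTagging"],
                "Resource": objects,
                "Condition": {"ArnNotEquals": {"aws:PrincipalArn": scanner_role_arn}},
            },
        ],
    }


def read_allowed(object_tags: dict) -> bool:
    """Mirror of statement 1: True only when the scan tag is present and clean."""
    return object_tags.get(SCAN_TAG) == CLEAN_VALUE


if __name__ == "__main__":
    role = "arn:aws:iam::123456789012:role/PLACEHOLDER-malware-protection-role"
    print(json.dumps(build_tbac_policy("example-protected-bucket", role), indent=2))
```

Apply the generated document with `aws s3api put-bucket-policy`, and keep the scanner role ARN in sync with the one GuardDuty actually uses for the bucket's protection plan.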
