StartMalwareScan - Amazon GuardDuty


Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account.

When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see DescribeMalwareScans.

Request Syntax

POST /malware-scan/start HTTP/1.1 Content-type: application/json { "resourceArn": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


Amazon Resource Name (ARN) of the resource for which you invoked the API.

Type: String

Pattern: ^arn:[A-Za-z-]+:[A-Za-z0-9]+:[A-Za-z0-9-]+:\d+:(([A-Za-z0-9-]+)[:\/])?[A-Za-z0-9-]*$

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "scanId": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


A unique identifier that gets generated when you invoke the API without any error. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 200.


For information about the errors that are common to all actions, see Common Errors.


A bad request exception object.

HTTP Status Code: 400


A request conflict exception object.

HTTP Status Code: 409


An internal server error exception object.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: