Configuring Malware Protection for S3 for your bucket

For enabling Malware Protection for S3, GuardDuty requires you to create or update an IAM role with permissions to perform scan actions. GuardDuty then assumes this IAM role to perform these actions on your behalf. You will need this IAM role name at the time of enabling this protection plan for your Amazon S3 bucket.

After you perform the IAM role prerequisite step, you can now enable Malware Protection for S3. For each time you want to protect an Amazon S3 bucket, you must perform both the steps listed in this section.

To enable Malware Protection for S3, you will need details such as S3 bucket name, object prefixes if you want to focus the protection for specific prefixes, and the IAM role name with required permissions.

The steps remain the same whether you get started with Malware Protection for S3 independently or enable it as a part of the GuardDuty service. Use the following steps in the listed order each time you want to enable this feature for an S3 bucket.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

(Optional) Get started with Malware Protection for S3 only (console)

Prerequisite - IAM role permissions