Feature in S3 Protection - Amazon GuardDuty

Feature in S3 Protection

AWS CloudTrail data events for S3

Data events, also known as data plane operations, provide insight into the resource operations performed on or within a resource. They are often high-volume activities.

The following are examples of CloudTrail data events for S3 that GuardDuty can monitor:
  • GetObject API operations

  • PutObject API operations

  • ListObjects API operations

  • DeleteObject API operations

When you enable GuardDuty for the first time, S3 Protection is enabled by default and is also included in the 30-day free trial period. However, this feature is optional and you can choose to enable or disable it for any account or Region at any time. For more information about configuring Amazon S3 as a feature, see GuardDuty S3 Protection.