Disabling Malware Protection for S3 for a protected bucket
When you disable Malware Protection for S3 for a protected bucket, GuardDuty deletes the Malware Protection plan ID associated
with that bucket. GuardDuty will no longer start a malware scan when a new object gets uploaded to
this bucket or one of the selected object prefixes.
If you have enabled GuardDuty and now want to suspend or disable GuardDuty, see Suspending or disabling GuardDuty. Because there is
no concept of detector ID in Malware Protection for S3, disabling or suspending GuardDuty doesn't impact the status of a protected bucket in your account. You can
continue using the Malware Protection for S3 feature independently with the associated standard pricing. For more
information, see Reviewing usage cost for Malware Protection for S3. To stop using Malware Protection for S3, you will need to
disable it for all the protected buckets in your account. If you want to continue using GuardDuty and
disable only Malware Protection for S3 for a bucket, the following steps do not affect the configuration
of the GuardDuty service or the other protection plans that you may have enabled.
Choose a preferred access method to disable Malware Protection for S3 in your protected S3 bucket.
- Console

  To disable Malware Protection for S3 by using the GuardDuty console

  - Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.
  - In the navigation pane, choose Malware Protection for S3.
  - Under Protected buckets, select the bucket for which you want to disable Malware Protection for S3.
    You can select only one protected bucket at a time. To disable Malware Protection for S3 for more than
    one bucket, follow these steps again for another S3 bucket.
  - Choose Disable to confirm the selection.

- API/CLI

  To disable Malware Protection for S3 by using the API or AWS CLI

  - By using the API
    Run the DeleteMalwareProtectionPlan API by using the Malware Protection plan ID associated with this plan resource.
    To retrieve the Malware Protection plan ID, you can run the ListMalwareProtectionPlans API.
  - By using the AWS CLI
    Alternatively, you can run the following AWS CLI command to disable Malware Protection for S3 by replacing
    4cc8bf26c4d75EXAMPLE with the Malware Protection plan ID associated with this S3 bucket:

        aws guardduty delete-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE

    If you don't already have the Malware Protection plan ID for this S3 bucket, you can run the
    following AWS CLI command and replace us-east-1 with the Region for which you want to list
    the Malware Protection plan IDs.

        aws guardduty list-malware-protection-plans --region us-east-1
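
The lookup and delete steps above combined into one script, as an added example that is not part of the original documentation: it resolves a bucket name to its Malware Protection plan ID and defaults to a dry run so the ID can be reviewed before anything is deleted. The function names are hypothetical, and the `--query` field paths and the use of `get-malware-protection-plan` (the GetMalwareProtectionPlan API) to read each plan's bucket name are assumptions to check against your AWS CLI output.

```bash
#!/usr/bin/env bash
# Added example: map a protected bucket to its Malware Protection plan ID,
# then delete that plan. Assumed output fields (verify with your CLI version):
#   list-malware-protection-plans -> MalwareProtectionPlans[].MalwareProtectionPlanId
#   get-malware-protection-plan   -> ProtectedResource.S3Bucket.BucketName

# Print the plan ID that protects bucket $1 in Region $2; return 1 if none.
find_plan_for_bucket() {
  local bucket="$1" region="$2" id name
  for id in $(aws guardduty list-malware-protection-plans --region "$region" \
                --query 'MalwareProtectionPlans[].MalwareProtectionPlanId' \
                --output text); do
    # Skip plans that cannot be read (for example, missing permissions).
    name=$(aws guardduty get-malware-protection-plan --region "$region" \
             --malware-protection-plan-id "$id" \
             --query 'ProtectedResource.S3Bucket.BucketName' \
             --output text) || continue
    if [ "$name" = "$bucket" ]; then
      printf '%s\n' "$id"
      return 0
    fi
  done
  return 1
}

# Disable Malware Protection for S3 for bucket $1 in Region $2.
# Dry run unless $3 is "--confirm".
disable_bucket_protection() {
  local bucket="$1" region="$2" confirm="${3:-}" id
  if ! id=$(find_plan_for_bucket "$bucket" "$region"); then
    echo "no Malware Protection plan found for $bucket in $region" >&2
    return 1
  fi
  if [ "$confirm" != "--confirm" ]; then
    echo "dry-run: would delete plan $id (bucket $bucket, $region)"
    return 0
  fi
  aws guardduty delete-malware-protection-plan --region "$region" \
    --malware-protection-plan-id "$id" && echo "deleted plan $id"
}
```

Run `disable_bucket_protection <bucket> <region>` first to see the plan ID that would be removed, then repeat with `--confirm`. Because each call handles one bucket, call it once per protected bucket to stop using the feature entirely.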