Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Editing Malware Protection plan for a protected bucket

PDF
RSS
Focus mode
Editing Malware Protection plan for a protected bucket - Amazon GuardDuty

You may need to edit the preferred IAM permissions policy, enable or disable tagging of the scanned S3 object, or add or remove S3 object prefixes. For example, when you enabled Malware Protection for S3 for your bucket, you decided to not enable tagging the scanned S3 object with the scan result. However, now you want GuardDuty to add the predefined tag and the scan result as the tag value.

Choose a preferred access method to update the Malware Protection plan for your protected S3 bucket.

Console
To edit a Malware Protection plan

  1. Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. In the navigation pane, choose Malware Protection for S3.

  3. Under Protected buckets, select the bucket for which you want to edit the existing configuration.

  4. Choose Edit.

  5. Update the existing configuration and settings for your bucket and confirm the changes. For information about description and steps for each section, see Enabling Malware Protection for S3 for your bucket.

    Monitor the Status column for this protected bucket. If it appears as either Warning or Error, see Troubleshooting Malware Protection plan status.

API/CLI
To edit Malware Protection plan by using API or AWS CLI

  • By using API

    Run the UpdateMalwareProtectionPlan API by using the Malware Protection plan ID associated with this plan resource.

    To retrieve the Malware Protection plan ID in a specific Region, you can run the ListMalwareProtectionPlans API in that Region.

  • By using AWS CLI

    The following list provides AWS CLI example commands to update the Malware Protection plan resource. You will need the Malware Protection plan ID associated with your S3 bucket.

    AWS CLI example commands

    • Use the following AWS CLI command to enable or disable tagging for the Malware Protection plan resource associated with your S3 bucket:

      aws guardduty update-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE --actions "Tagging"={"Status"="ENABLED|DISABLED"}

    • Use the following AWS CLI command to add an object prefix to the Malware Protection plan resource associated with your S3 bucket:

      aws guardduty update-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE --protected-resource "S3Bucket"={"ObjectPrefixes"=["amzn-s3-demo-1", "amzn-s3-demo-2"]}

      Make sure to include the existing object prefixes in this command; otherwise, GuardDuty will remove those prefixes when editing the Malware Protection plan resource.

    • Use the following AWS CLI command to remove an object prefix from the Malware Protection plan resource associated with your S3 bucket:

      aws guardduty update-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE --protected-resource "S3Bucket"={"ObjectPrefixes"=[""]}

    If you don't already have the Malware Protection plan ID for this resource, you can run the following AWS CLI command and replace us-east-1 with the Region for which you want to list the Malware Protection plan IDs.

    aws guardduty list-malware-protection-plans --region us-east-1
anchoranchor
To edit a Malware Protection plan

  1. Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. In the navigation pane, choose Malware Protection for S3.

  3. Under Protected buckets, select the bucket for which you want to edit the existing configuration.

  4. Choose Edit.

  5. Update the existing configuration and settings for your bucket and confirm the changes. For information about description and steps for each section, see Enabling Malware Protection for S3 for your bucket.

    Monitor the Status column for this protected bucket. If it appears as either Warning or Error, see Troubleshooting Malware Protection plan status.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.