After enabling Malware Protection for S3 for a bucket, the status indicates whether the feature is configured and functional as expected. This status is associated with a unique Malware Protection plan identifier (ID). GuardDuty creates this ID at the time of enabling the feature.
Use the following procedure to view the status of your protected bucket:
Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/
. -
In the navigation pane, select Malware Protection for S3.
-
In the Protected buckets table, view the corresponding Status column for your S3 bucket.
The following table lists and describes status values associated with your Malware Protection plan resource. By understanding what these statuses mean for your protected bucket, you can better ensure that GuardDuty initiates an automatic malware scan when an object gets uploaded.
| Status | Description |
|---|---|
|
Active |
Your S3 bucket has been configured with Malware Protection for S3 successfully. When the status is Active, changes to the IAM role (deletion or permissions modification) won't update the status to Warning or Error. We recommend monitoring the scan status continuously by using any of the methods described in Monitoring S3 object scans. |
|
Warning* |
Malware Protection for S3 is designed to not get impacted when a warning shows up. When GuardDuty notices a new S3 object, it will initiate a malware scan. After initiating the scan successfully, the Status column value may take a few minutes to change to Active. You will receive an EventBridge notification after the Status column value updates. |
|
Error* |
Your bucket is not protected. None of the malware scans associated with this S3 bucket will complete. There could be one or more potential root causes. |
*For information about potential issues and the corresponding steps to resolve them, see Troubleshooting Malware Protection plan status.
