Troubleshooting Malware Protection plan status details
For any protected bucket, GuardDuty displays the Status based on the ranking. For example, if a protected bucket has issues under both Error and Warning categories, GuardDuty will first display the issue that is associated with the Error status.
The following table provides status details and the corresponding steps to resolve these issues.
Status |
Issue |
Status details |
Steps to troubleshoot |
---|---|---|---|
Warning |
Unable to put test object |
To validate the setup of the selected bucket, GuardDuty puts a test object in your bucket. |
To the selected IAM role, add the following permissions so that GuardDuty can put the test object to the selected resource:
Replace It may take a few minutes for the Status column value to change to Active. |
Unable to monitor Malware Protection for S3 setup |
The IAM role is missing permissions for GuardDuty to monitor the Malware Protection for S3 setup for this bucket. |
Add the following permissions to your IAM role:
It may take a few minutes for the Status column value to change to Active. |
|
Error |
EventBridge notification is disabled for this S3 bucket. |
GuardDuty uses EventBridge to receive a notification when a new object gets uploaded to this S3 bucket. This permission is missing in your IAM role. |
It may take a few minutes for the Status column value to change to Active. |
EventBridge managed rule to receive S3 bucket events is missing. |
The EventBridge managed rule permissions to manage the EventBridge rule setup is missing. |
Add the following permission statement to your IAM role:
It may take a few minutes for the Status column value to change to Active. |
|
This S3 bucket no longer exists. |
This S3 bucket was deleted from your account and it no longer exists. |
If deleting the S3 bucket was not intentional, then you can create a new bucket by using the Amazon S3 console. After creating the bucket successfully, enable Malware Protection for S3 by following the steps under the Configuring Malware Protection for S3 for your bucket page. |