Disabling Malware Protection for S3 for a protected bucket
When you disable Malware Protection for S3 for a protected bucket, GuardDuty deletes the Malware Protection plan ID associated
with that bucket. GuardDuty will no longer start a malware scan when
a new object gets uploaded to this bucket or one of the selected object prefixes.
If you have enabled GuardDuty and now want to suspend or disable GuardDuty, see
Suspending or disabling GuardDuty.
Because there is no concept of detector ID in Malware Protection for S3, disabling or suspending GuardDuty
doesn't impact the status of a protected bucket in your account. You
can continue using the Malware Protection for S3 feature independently with the associated standard pricing. For more information,
see Viewing usage and cost for Malware Protection for S3. To stop
using Malware Protection for S3, you need to disable it for all the protected buckets in your account. If you want to continue using
GuardDuty and disable only Malware Protection for S3 for a bucket, the following steps do not affect the configuration
of the GuardDuty service or other protection plans that you may have enabled.
Choose a preferred access method to disable Malware Protection for S3 in your protected S3 bucket.
- Console

  To disable Malware Protection for S3 by using the GuardDuty console

  - Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.
  - In the navigation pane, choose Malware Protection for S3.
  - Under Protected buckets, select the bucket for which you want to disable Malware Protection for S3.
    You can select only one protected bucket at a time. To disable Malware Protection for S3 for more than one bucket, follow these steps again for another S3 bucket.
  - Choose Disable.
  - Choose Disable to confirm the selection.
- API/CLI

  To disable Malware Protection for S3 by using API or AWS CLI

  - By using API

    Run the DeleteMalwareProtectionPlan API by using the Malware Protection plan ID associated with this plan resource. To retrieve the Malware Protection plan ID, you can run the ListMalwareProtectionPlans API.

  - By using AWS CLI

    Alternatively, you can run the following AWS CLI command to disable Malware Protection for S3 by replacing 4cc8bf26c4d75EXAMPLE with the Malware Protection plan ID associated with this S3 bucket:

    aws guardduty delete-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE

    If you don't already have the Malware Protection plan ID for this S3 bucket, you can run the following AWS CLI command and replace us-east-1 with the Region for which you want to list the Malware Protection plan IDs:

    aws guardduty list-malware-protection-plans --region us-east-1
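
The CLI procedure above, scripted end to end as an added example (not AWS-provided code): it resolves the plan ID for one bucket, deletes that plan, and confirms the plan is no longer listed. The function names are hypothetical, and the get-malware-protection-plan call with its ProtectedResource.S3Bucket.BucketName field is not on this page.

```bash
#!/usr/bin/env bash
# Added example, not AWS-provided code. Function names are hypothetical.
# Assumes AWS CLI v2, credentials permitted to list, get and delete
# Malware Protection plans, and that all plans fit in one list response.

# Usage after sourcing: disable_protection_for_bucket BUCKET REGION

# Print the plan IDs in a Region (tab-separated text output).
list_plan_ids() {
  aws guardduty list-malware-protection-plans --region "$1" \
    --query 'MalwareProtectionPlans[].MalwareProtectionPlanId' --output text
}

# Print every plan ID whose protected resource is the named bucket.
find_plan_ids_for_bucket() {
  local bucket="$1" region="$2" ids id name
  ids=$(list_plan_ids "$region") || return 1
  for id in $ids; do
    name=$(aws guardduty get-malware-protection-plan --region "$region" \
      --malware-protection-plan-id "$id" \
      --query 'ProtectedResource.S3Bucket.BucketName' --output text) || return 1
    if [ "$name" = "$bucket" ]; then printf '%s\n' "$id"; fi
  done
  return 0
}

# Delete the plan for one bucket, then confirm it is no longer listed.
# Prints the deleted plan ID; deletes nothing unless exactly one plan matches.
disable_protection_for_bucket() {
  local bucket="$1" region="$2" ids plan_id
  ids=$(find_plan_ids_for_bucket "$bucket" "$region") || return 1
  set -- $ids
  if [ $# -ne 1 ]; then
    echo "expected one plan for $bucket, found $#; nothing deleted" >&2
    return 2
  fi
  plan_id="$1"
  aws guardduty delete-malware-protection-plan --region "$region" \
    --malware-protection-plan-id "$plan_id" || return 1
  if list_plan_ids "$region" | tr '\t' '\n' | grep -qxF -- "$plan_id"; then
    echo "plan $plan_id is still listed after the delete call" >&2
    return 3
  fi
  printf '%s\n' "$plan_id"
}
```

Resolving the ID by bucket name and refusing to act on zero or multiple matches avoids removing protection from the wrong bucket when a plan ID is copied by hand.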