Disabling Malware Protection for S3 for a protected bucket - Amazon GuardDuty

Disabling Malware Protection for S3 for a protected bucket

When you disable Malware Protection for S3 for a protected bucket, GuardDuty deletes the Malware Protection plan ID associated with that bucket. GuardDuty will no longer start a malware scan when a new object gets uploaded to this bucket or one of the selected object prefixes.

If you have enabled GuardDuty and now want to suspend or disable GuardDuty, see Suspending or disabling GuardDuty. Because there is no concept of detector ID in Malware Protection for S3, disabling or suspending GuardDuty doesn't impact the status of a protected bucket in your account. You can continue using Malware Protection for S3 feature independently with the associated standard pricing. For more information, see Viewing usage and cost for Malware Protection for S3. To stop using Malware Protection for S3, you will need to disable it for all the protected buckets in your account. If you want to continue using GuardDuty and disable only Malware Protection for S3 for a bucket, the following steps are not going to impact the configuration of the GuardDuty service and other protection plans that you may have enabled.

Choose a preferred access method to disable Malware Protection for S3 in your protected S3 bucket.

Console
To disable Malware Protection for S3 by using GuardDuty console

  1. Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. In the navigation pane, choose Malware Protection for S3.

  3. Under Protected buckets, select the bucket for which you want to disable Malware Protection for S3.

    You can select only one protected bucket at a time. To disable Malware Protection for S3 for more than one bucket, follow these steps again for another S3 bucket.

  4. Choose Disable.

  5. Choose Disable to confirm the selection.

API/CLI
To disable Malware Protection for S3 by using API or AWS CLI

  • By using API

    Run the DeleteMalwareProtectionPlan API by using the Malware Protection plan ID associated with this plan resource.

    To retrieve the Malware Protection plan ID, you can run the ListMalwareProtectionPlans API.

  • By using AWS CLI

    Alternatively, you can run the following AWS CLI command to disable Malware Protection for S3 by replacing 4cc8bf26c4d75EXAMPLE with the Malware Protection plan ID associated to this S3 bucket:

    aws guardduty delete-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE

    If you don't already have the Malware Protection plan ID for this S3 bucket, you can run the following AWS CLI command and replace us-east-1 with the Region for which you want to list the Malware Protection plan IDs.

    aws guardduty list-malware-protection-plans --region us-east-1