
I'm implementing a file upload workflow using Amazon S3 and want to integrate AWS GuardDuty for malware protection. The goal is to automatically scan uploaded files and delete any that are flagged as infected.

Here’s what I’ve done so far:

• Files are uploaded to a private S3 bucket using pre-signed URLs.
• GuardDuty is enabled for malware protection on the bucket.
• I’ve configured lifecycle rules to delete objects tagged with THREATS_FOUND=true.

Questions:

• How can I ensure GuardDuty tags infected files correctly for lifecycle rules to trigger?
• Is there a recommended way to automate deletion beyond lifecycle rules (e.g., using EventBridge + Lambda)?
• Are there any limitations or best practices for using GuardDuty malware protection with S3 buckets?

Any guidance or examples would be appreciated!

  • The S3 object tag is not THREATS_FOUND:true afaik, it's GuardDutyMalwareScanStatus:THREATS_FOUND. Your question seems to be "how can I verify that GuardDuty malware detection works" so upload some known malware. Commented Sep 8 at 13:06
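
One way to do the EventBridge + Lambda deletion the question asks about, as an added example that is not part of the original thread. It assumes the scan-result event fields (`scanStatus`, `s3ObjectDetails`, `scanResultDetails.scanResultStatus`) of the GuardDuty Malware Protection for S3 EventBridge event, which should be checked against a real event; the `UPLOAD_BUCKETS` variable and all bucket and key names are hypothetical.

```python
import os

# Hypothetical env var: comma-separated buckets this function may clean.
# Empty means "trust the EventBridge rule to scope the buckets".
ALLOWED_BUCKETS = set(filter(None, os.environ.get("UPLOAD_BUCKETS", "").split(",")))
SCAN_EVENT = "GuardDuty Malware Protection Object Scan Result"

# Constructed sample event (placeholder names), trimmed to the fields used.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": SCAN_EVENT,
    "detail": {
        "scanStatus": "COMPLETED",
        "s3ObjectDetails": {"bucketName": "uploads-example",
                            "objectKey": "incoming/a.bin", "versionId": "v1"},
        "scanResultDetails": {"scanResultStatus": "THREATS_FOUND"},
    },
}


def infected_object(event, allowed_buckets=None):
    """Return delete_object kwargs for an infected object, else None."""
    allowed = ALLOWED_BUCKETS if allowed_buckets is None else set(allowed_buckets)
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != SCAN_EVENT:
        return None
    detail = event.get("detail") or {}
    result = (detail.get("scanResultDetails") or {}).get("scanResultStatus")
    if detail.get("scanStatus") != "COMPLETED" or result != "THREATS_FOUND":
        return None
    obj = detail.get("s3ObjectDetails") or {}
    bucket, key = obj.get("bucketName"), obj.get("objectKey")
    if not bucket or not key or (allowed and bucket not in allowed):
        return None
    target = {"Bucket": bucket, "Key": key}
    # On a versioned bucket, delete the exact version that was scanned: a bare
    # delete only adds a delete marker and leaves the infected bytes in place.
    if obj.get("versionId"):
        target["VersionId"] = obj["versionId"]
    return target


def lambda_handler(event, context, s3=None):
    target = infected_object(event)
    if target is None:
        return {"deleted": False}
    if s3 is None:
        import boto3  # provided by the Lambda Python runtime
        s3 = boto3.client("s3")
    s3.delete_object(**target)
    return {"deleted": True, **target}
```

The function's role needs `s3:DeleteObject` (and `s3:DeleteObjectVersion` on versioned buckets) on the upload bucket only.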
