Demonstrates enabling GuardDuty S3 Malware Protection for an S3 bucket.
Options
- If a threat is detected, send a notification.
- If no threats are detected, move the file to another bucket or add the event to a queue.
Follow instructions to install CDK and bootstrap your account.
Set email in cdk.json if you'd like to receive an email notification when a threat is found.
Run cdk deploy
Threats
- Get an EICAR test file.
- Disable Malware Protection
- Download an EICAR test file
- Upload the file to the source bucket
- Re-enable Malware Protection
- Verify a notification was emailed to you
- Verify it is tagged with THREATS_FOUND
No Threats
- Upload a clean file to the source bucket
- Verify it was moved to the destination bucket
- Verify it is tagged with NO_THREATS_FOUND
- Verify the GuardDuty event was added to the queue
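
The routing described under Options, as an added example (not this project's own code): a pure function that decides what to do with one scan result event, releasing an object only on an explicit NO_THREATS_FOUND verdict. It assumes the "GuardDuty Malware Protection Object Scan Result" event shape that GuardDuty publishes to EventBridge; the action names, bucket, key and threat name are hypothetical or constructed.

```python
# Added example: routing decision for a GuardDuty S3 malware scan result event.
# Action names ("notify", "release", "hold", "ignore") are hypothetical.

def route_scan_result(event: dict) -> dict:
    """Return the action to take for one scan result event (fail closed)."""
    if (event.get("source") != "aws.guardduty" or event.get("detail-type")
            != "GuardDuty Malware Protection Object Scan Result"):
        return {"action": "ignore", "reason": "not a malware scan result"}

    detail = event.get("detail", {})
    obj = detail.get("s3ObjectDetails", {})
    result = detail.get("scanResultDetails", {})
    status = result.get("scanResultStatus")
    target = {"bucket": obj.get("bucketName"), "key": obj.get("objectKey"),
              "version_id": obj.get("versionId"), "status": status}

    if not target["bucket"] or not target["key"]:
        return {"action": "ignore", "reason": "missing object details"}
    if status == "THREATS_FOUND":
        names = [t.get("name") for t in result.get("threats") or []]
        return {"action": "notify", "threats": names, **target}
    if status == "NO_THREATS_FOUND":
        # Only an explicit clean verdict releases the object downstream.
        return {"action": "release", **target}
    # UNSUPPORTED, ACCESS_DENIED, FAILED or anything unknown: the object was
    # not cleared, so keep it in the source bucket and flag it for review.
    return {"action": "hold", **target}


def sample_event(status: str, threats=None) -> dict:
    """Build a constructed scan result event (placeholder bucket and key)."""
    return {
        "source": "aws.guardduty",
        "detail-type": "GuardDuty Malware Protection Object Scan Result",
        "detail": {
            "scanStatus": "COMPLETED", "resourceType": "S3_OBJECT",
            "s3ObjectDetails": {"bucketName": "example-source-bucket",
                                "objectKey": "uploads/sample.bin",
                                "versionId": None},
            "scanResultDetails": {"scanResultStatus": status,
                                  "threats": threats},
        },
    }


if __name__ == "__main__":
    for s in ("THREATS_FOUND", "NO_THREATS_FOUND", "UNSUPPORTED", "FAILED"):
        print(s, "->", route_scan_result(sample_event(s))["action"])
```
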