This PR adds a new role and policy configuration for GuardDuty S3 malware protection. This will help detect and mitigate malware in files uploaded to S3 buckets across our accounts.
The policy gives permissions for:
EventBridge Management: Managing rules and targets specific to GuardDuty operations.
S3 Access: Accessing objects, managing bucket notifications, and handling validation objects for scanning. It also allows tagging, so that after a scan the object shows whether a threat was found or not.
KMS: for decryption
A reference to the issue / Description of it
8050
How does this PR fix the problem?
More detailed information can be found here: https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection-s3-iam-policy-prerequisite.html
How has this been tested?
Please describe the tests that you ran and provide instructions to reproduce.
{Please write here}
Deployment Plan / Instructions
Will this deployment impact the platform and / or services on it?
{Please write here}
Checklist (check x in [ ] of list items)
Additional comments (if any)
{Please write here}
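Added example for reviewing this PR (not code from the PR or the repository): it renders the GuardDuty Malware Protection for S3 role policy scoped to one bucket and one KMS key, covering the EventBridge, S3 and KMS grants described above, and lints it for bare wildcard grants. The Sids, the action set and the condition keys follow the AWS prerequisite policy as I recall it and should be verified against the linked AWS document; account, region, bucket and key values are constructed placeholders.

```python
import json


def build_policy(account: str, region: str, bucket: str, kms_key_arn: str) -> dict:
    """Bucket-scoped policy for the GuardDuty S3 malware-protection role.
    Action list reproduced from memory of the AWS prerequisite policy (assumption)."""
    b = f"arn:aws:s3:::{bucket}"
    rule = f"arn:aws:events:{region}:{account}:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*"
    return {"Version": "2012-10-17", "Statement": [
        # EventBridge: GuardDuty's managed rule that forwards S3 events to the scanner
        {"Sid": "ManageGuardDutyEventRule", "Effect": "Allow",
         "Action": ["events:PutRule", "events:DeleteRule", "events:PutTargets", "events:RemoveTargets"],
         "Resource": rule,
         "Condition": {"StringLike": {"events:ManagedBy": "malware-protection-plan.guardduty.amazonaws.com"}}},
        {"Sid": "MonitorGuardDutyEventRule", "Effect": "Allow",
         "Action": ["events:DescribeRule", "events:ListTargetsByRule"], "Resource": rule},
        # S3: bucket notifications, ownership check and the validation object
        {"Sid": "BucketNotificationsAndOwnership", "Effect": "Allow",
         "Action": ["s3:PutBucketNotification", "s3:GetBucketNotification", "s3:ListBucket"],
         "Resource": b},
        {"Sid": "PutValidationObject", "Effect": "Allow", "Action": "s3:PutObject",
         "Resource": f"{b}/malware-protection-resource-validation-object"},
        # S3: read objects to scan them, then tag the verdict on the object
        {"Sid": "ScanAndTagObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectTagging", "s3:PutObjectTagging",
                    "s3:GetObjectVersionTagging", "s3:PutObjectVersionTagging"],
         "Resource": f"{b}/*"},
        # KMS: decrypt SSE-KMS objects, only when the call arrives via S3 in this region
        {"Sid": "DecryptForScan", "Effect": "Allow", "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
         "Resource": kms_key_arn,
         "Condition": {"StringLike": {"kms:ViaService": f"s3.{region}.amazonaws.com"}}},
    ]}


def overbroad_statements(policy: dict) -> list:
    """Review check: Sids whose Action or Resource is a bare '*'."""
    flagged = []
    for st in policy["Statement"]:
        for field in ("Action", "Resource"):
            values = st[field] if isinstance(st[field], list) else [st[field]]
            if "*" in values:
                flagged.append(st["Sid"])
                break
    return flagged


if __name__ == "__main__":
    # Constructed placeholder identifiers, not real account or key values.
    policy = build_policy("111122223333", "eu-west-2", "example-uploads-bucket",
                          "arn:aws:kms:eu-west-2:111122223333:key/00000000-0000-0000-0000-000000000000")
    print(json.dumps(policy, indent=2))
    print("over-broad statements:", overbroad_statements(policy))
```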