Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
A standalone account owns the decision to enable or disable a protection plan in their
Amazon Web Services account in a specific Amazon Web Services Region.
If your account is associated with a GuardDuty administrator account through Amazon Organizations, or by the method
of invitation, this section doesn't apply to your account. For more information,
see Enabling S3 Protection in multiple-account
environments.
After you enable S3 Protection, GuardDuty will start monitoring Amazon CloudTrail data events for the S3
buckets in your account.
Choose your preferred access method to configure S3 Protection for a standalone
account.
- Console
-
Sign in to the Amazon Web Services Management Console and open the GuardDuty console at https://console.amazonaws.cn/guardduty/.
-
From the Region selector in the upper-right
corner, select a Region where you want to enable S3 Protection.
-
In the navigation pane, choose
S3 Protection.
-
The S3 Protection page provides the current status
of S3 Protection for your account. Choose Enable or
Disable to enable or disable S3 Protection at any
point in time.
-
Choose Confirm to confirm your
selection.
- API/CLI
-
Run updateDetector by using your valid detector
ID for the current Region and passing the features object
name as S3_DATA_EVENTS set to
ENABLED to enable S3 Protection, respectively.
Alternatively, you can use Amazon Command Line Interface. To enable S3 Protection, run the following
command, and replace
12abc34d567e8fa901bc2d34e56789f0 with your
account's detector ID and us-east-1 with the
Region where you want to enable S3 Protection.
aws guardduty update-detector --detector-id 12abc34d567e8fa901bc2d34e56789f0 --region us-east-1 --features '[{"Name" : "S3_DATA_EVENTS", "Status" : "ENABLED"}]'