From cd9cd7f23e314e5ddbe6602b11510642f1020d45 Mon Sep 17 00:00:00 2001 From: khatraf Date: Tue, 26 Nov 2024 09:50:49 +0000 Subject: [PATCH 1/2] s3 malware implementation guide --- ...enabling-s3-malware-protection.html.md.erb | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 source/runbooks/enabling-s3-malware-protection.html.md.erb diff --git a/source/runbooks/enabling-s3-malware-protection.html.md.erb b/source/runbooks/enabling-s3-malware-protection.html.md.erb new file mode 100644 index 0000000000..ca651376b9 --- /dev/null +++ b/source/runbooks/enabling-s3-malware-protection.html.md.erb 
@@ -0,0 +1,54 @@ +--- +owner_slack: "#modernisation-platform" +title: Enabling Malware Protection for Amazon S3 +last_reviewed_on: 2024-11-25 +review_in: 6 months +--- + + + + + +# <%= current_page.data.title %> + +## Enabling Malware Protection for Amazon S3 + +[AWS Malware Protection for S3](https://docs.aws.amazon.com/guardduty/latest/ug/gdu-malware-protection-s3.html) provides advanced scanning for newly uploaded objects in your S3 buckets for potential malware, providing an added layer of protection for your data. + +--- +### Configuration Overview + +All Modernisation Platform accounts have GuardDuty enabled by default, which includes S3 Protection. However, **Malware Protection for S3** must be configured at the account level. This configuration allows you to specify which S3 buckets should be scanned for malware. + + +--- +### Steps to Enable Malware Protection for S3 with Terraform for your account + +1. **Define the Buckets to Protect** + Begin by identifying the S3 buckets you want to enable malware protection for. Specify these buckets in your Terraform configuration as a variable or input list. + +2. **Create a Malware Protection Plan** + Set up a resource in Terraform to enable malware protection for each bucket in your list. This involves linking each bucket to a protection plan and ensuring that tagging or logging settings are properly configured for each bucket. + +3. **Assign IAM Permissions** + Reference the `MemberInfrastructureAccess` IAM role, which provides GuardDuty the necessary permissions to access and scan the specified S3 buckets. + +4. **Raise a PR for the Configuration** + Deploy your Terraform configuration. Validate your setup by running `terraform plan` to confirm the changes. Once validated, raise a Pull Request for review and approval to apply the configuration and enable malware protection for the specified buckets. + +5. 
**Verify the Deployment** + After applying the configuration, confirm that malware protection has been successfully enabled for the specified buckets by reviewing your GuardDuty settings or checking for findings related to malware scanning. + +By following these steps, you can enable Malware Protection for S3 using Terraform, ensuring a scalable and automated approach to securing your S3 buckets. + +--- +### Example Implementation + +An example of enabling Malware Protection for S3 can be found [here](https://github.com/ministryofjustice/modernisation-platform-environments/blob/main/terraform/environments/example/s3_malware_protection.tf). + +--- From 786e7914676278e6409cbac7f68c27f662e0167e Mon Sep 17 00:00:00 2001 From: khatraf Date: Tue, 26 Nov 2024 09:56:52 +0000 Subject: [PATCH 2/2] . --- source/runbooks/enabling-s3-malware-protection.html.md.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/runbooks/enabling-s3-malware-protection.html.md.erb b/source/runbooks/enabling-s3-malware-protection.html.md.erb index ca651376b9..7f530403c9 100644 --- a/source/runbooks/enabling-s3-malware-protection.html.md.erb +++ b/source/runbooks/enabling-s3-malware-protection.html.md.erb @@ -1,6 +1,6 @@ --- owner_slack: "#modernisation-platform" -title: Enabling Malware Protection for Amazon S3 +title: Enabling Malware Protection for S3 last_reviewed_on: 2024-11-25 review_in: 6 months ---
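Review bot: step 3 of the new runbook (`Reference the MemberInfrastructureAccess IAM role, which provides GuardDuty the necessary permissions to access and scan the specified S3 buckets`) never says what that role must grant or who may assume it. A malware protection plan needs a role GuardDuty itself can assume with read access to the protected buckets and the ability to tag scanned objects, and a role named for infrastructure access is not obviously such a role; the step should spell out the required trust policy and bucket permissions (or link to where they are defined) so an account owner can verify the role before wiring it into the plan. Step 4 also has the order backwards: it says `Deploy your Terraform configuration` first and `raise a Pull Request for review and approval` afterwards, whereas the intended flow is plan, PR, approve, apply. Step 2's `ensuring that tagging or logging settings are properly configured` is too vague to act on and should name the settings meant. For step 5, replace `reviewing your GuardDuty settings` with a concrete check, for example `aws guardduty list-malware-protection-plans` in the account or inspecting the plan resource in Terraform state, and note that an absence of findings does not by itself prove scanning is active. Minor: the `## Enabling Malware Protection for Amazon S3` heading repeats the H1 rendered from `<%= current_page.data.title %>` directly above it, and the run of empty lines between them should be collapsed.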
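Review bot: the front-matter change from `Enabling Malware Protection for Amazon S3` to `Enabling Malware Protection for S3` leaves the body heading `## Enabling Malware Protection for Amazon S3` untouched, so the rendered H1 (from `<%= current_page.data.title %>`) and the H2 immediately below it now disagree; either update the H2 to match or drop it, since it duplicates the H1 either way. The commit message `.` also records nothing about the change; a one-line message describing the title change would keep the history useful.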