# Editing Malware Protection plan for a protected bucket You may need to edit the preferred IAM permissions policy, enable or disable tagging of the scanned S3 object, or add or remove S3 object prefixes. For example, when you enabled Malware Protection for S3 for your bucket, you decided to not enable tagging the scanned S3 object with the scan result. However, now you want GuardDuty to add the predefined tag and the scan result as the tag value. Choose a preferred access method to update the Malware Protection plan for your protected S3 bucket. ------ #### [ Console ] **To edit a Malware Protection plan** 1. Sign in to the AWS Management Console and open the GuardDuty console at [https://console.aws.amazon.com/guardduty/](https://console.aws.amazon.com/guardduty/). 1. In the navigation pane, choose **Malware Protection for S3**. 1. Under **Protected buckets**, select the bucket for which you want to edit the existing configuration. 1. Choose **Edit**. 1. Update the existing configuration and settings for your bucket and confirm the changes. For information about description and steps for each section, see [Enabling Malware Protection for S3 for your bucket](enable-malware-protection-s3-bucket.md). Monitor the **Status** column for this protected bucket. If it appears as either **Warning** or **Error**, see [Troubleshooting Malware Protection plan status](troubleshoot-s3-malware-protection-status-errors.md). ------ #### [ API/CLI ] **To edit Malware Protection plan by using API or AWS CLI** + **By using API** Run the [UpdateMalwareProtectionPlan](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_UpdateMalwareProtectionPlan.html) API by using the Malware Protection plan ID associated with this plan resource. To retrieve the Malware Protection plan ID in a specific Region, you can run the [ListMalwareProtectionPlans](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListMalwareProtectionPlans.html) API in that Region. + **By using AWS CLI** The following list provides AWS CLI example commands to update the Malware Protection plan resource. You will need the Malware Protection plan ID associated with your S3 bucket. **AWS CLI example commands** + Use the following AWS CLI command to **enable or disable** tagging for the Malware Protection plan resource associated with your S3 bucket: ``` aws guardduty update-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE --actions "Tagging"={"Status"="ENABLED|DISABLED"} ``` + Use the following AWS CLI command to **add an object prefix** to the Malware Protection plan resource associated with your S3 bucket: ``` aws guardduty update-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE --protected-resource "S3Bucket"={"ObjectPrefixes"=["amzn-s3-demo-1", "amzn-s3-demo-2"]} ``` Make sure to include the existing object prefixes in this command; otherwise, GuardDuty will remove those prefixes when editing the Malware Protection plan resource. + Use the following AWS CLI command to **remove an object prefix** from the Malware Protection plan resource associated with your S3 bucket: ``` aws guardduty update-malware-protection-plan --malware-protection-plan-id 4cc8bf26c4d75EXAMPLE --protected-resource "S3Bucket"={"ObjectPrefixes"=[""]} ``` If you don't already have the Malware Protection plan ID for this resource, you can run the following AWS CLI command and replace *us-east-1* with the Region for which you want to list the Malware Protection plan IDs. ``` aws guardduty list-malware-protection-plans --region us-east-1 ``` ------