Cloud Storage Shield scans your S3 buckets for malicious files or objects. It monitors the contents of your S3 buckets using the Barracuda Advanced Threat Protection service. If it finds anything malicious, it blocks access to the affected files.
Enabling Cloud Storage Shield
To enable Cloud Storage Shield:
- Navigate to Services > Cloud Storage Shield.
- Select the cloud service account that you want to protect.
- One at a time, select each region that you want to protect, then click Deploy Regional Stack.
  As part of deploying the stack, select a VPC and Subnet from the region in which you want to deploy Cloud Storage Shield. Then click Deploy.
- For each region that you select, specify which S3 buckets you want Cloud Storage Shield to protect by setting them to Active.
- When you have finished, click Apply Changes.
- Repeat for additional regions.
You can change this configuration at any time.
Disabling Cloud Storage Shield
To disable Cloud Storage Shield, repeat the steps above, but change the S3 bucket settings to Inactive. Click Apply Changes when you are ready to save the settings.
Integrating with AWS Security Hub
To integrate findings from Cloud Storage Shield with AWS Security Hub, refer to Integrating with AWS Security Hub.