AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2026-05-28 · Documentation low

File: guardduty/latest/ug/malware-protection-backup-start-on-demand-scan.md

Summary

Added requirement for end timestamp when scanning S3 PITR resources and updated API documentation accordingly.

Security assessment

Documents a new parameter requirement for existing security scans without indicating any vulnerability remediation. The timestamp constraint matches operational guidance from the first file.

Diff

diff --git a/guardduty/latest/ug/malware-protection-backup-start-on-demand-scan.md b/guardduty/latest/ug/malware-protection-backup-start-on-demand-scan.md
index e6740c391..922f6cfe9 100644
--- a//guardduty/latest/ug/malware-protection-backup-start-on-demand-scan.md
+++ b//guardduty/latest/ug/malware-protection-backup-start-on-demand-scan.md
@@ -24,0 +25,2 @@ ConsoleAPI/CLI
+    4. For an S3 PITR resource, pass in an end timestamp. The end timestamp cannot be older than (_current time - 15 minutes_).
+
@@ -36 +38 @@ For issues with IAM role permissions, see [Troubleshooting IAM role permissions
-Invoke [StartMalwareScan](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_StartMalwareScan.html) which accepts the `resourceArn` of the resource for which you want to start an on-demand malware scan on. If you want to start an incremental scan, pass in the `baselineResourceArn` in `incrementalScanDetails`. As part of the scan configuration, you also need to provide an IAM role that has all the permissions needed to start the scan. After you successfully start a scan, `StartMalwareScan` returns a `scanId`. Invoke the `GetMalwareScan` API to monitor the progress of the started scan and to get details of the scan once it is done.
+Invoke [StartMalwareScan](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_StartMalwareScan.html) which accepts the `resourceArn` of the resource for which you want to start an on-demand malware scan on. If you want to start an incremental scan, pass in the `baselineResourceArn` in `incrementalScanDetails`. As part of the scan configuration, you also need to provide an IAM role that has all the permissions needed to start the scan. If the resource being scanned is an S3 PITR resource, you need to pass in an end timestamp. After you successfully start a scan, `StartMalwareScan` returns a `scanId`. Invoke the `GetMalwareScan` API to monitor the progress of the started scan and to get details of the scan once it is done.