adding tags and rules

Author: ievgeniia ieromenko

aws_sra_examples/solutions/genai/sra_guardduty_malware_protection_for_s3/README.md

@@ -10,7 +10,7 @@
 
 ## Introduction
 
-This solution deploys Amazon GuardDuty Malware Protection for S3 buckets using AWS CloudFormation. It creates protection plan to enable automated scanning of new objects in S3 buckets for malware and sends notifications of scan results. GuardDuty Malware Protection for S3 can detect malicious content in files before they are processed or used by other systems, enhancing the security of data stored in S3.
+This solution deploys Amazon GuardDuty Malware Protection for S3 using AWS CloudFormation. It creates protection plan to enable automated scanning of new objects in S3 buckets for malware and sends notifications of scan results. GuardDuty Malware Protection for S3 can detect malicious content in files before they are processed or used by other systems, enhancing the security of data stored in S3.
 A key use case for this solution is in the preparation of knowledge bases for Retrieval Augmented Generation (RAG) with Amazon Bedrock. The malware protection capabilities help enhance the security controls for documents and files used in Amazon Bedrock knowledge base construction, contributing to the overall security posture of AI-powered applications.
 
 ### Features
@@ -88,13 +88,18 @@ You can deploy this solution using the AWS Console or AWS CLI.
 ### Deploying via AWS CLI
 1. Run the following command to deploy the stack:
 #### Notes:
-- Update parameter values with your specific settings.
+- Update parameter values with your specific settings. 
+- When deploying with an existing bucket, add the following parameters to your CloudFormation deployment command:
+```bash
+ParameterKey=pExistingBucketName,ParameterValue="bucket-name" \
+ParameterKey=pExistingBucketKmsKey,ParameterValue="kms-key-arn"
+```
 - This example assumes the CloudFormation template file is saved in the templates directory. Adjust the --template-body path if necessary.
 - Ensure the --capabilities CAPABILITY_NAMED_IAM flag is included to allow CloudFormation to create the necessary IAM resources.
 
 ```bash
 aws cloudformation create-stack \
-    --stack-name SraGuardDutyS3MalwareProtection \
+    --stack-name SraGuardDutyMalwareProtectionForS3 \
     --template-body file://aws_sra_examples/solutions/genai/sra_guardduty_malware_protection_for_s3/templates/sra-guardduty-malware-protection-for-s3-main.yaml \
     --region us-east-2 \
     --parameters \

aws_sra_examples/solutions/genai/sra_guardduty_malware_protection_for_s3/documentation/sra-guardduty-malware-protection-for-s3.png

@@ -128,6 +128,11 @@ Rules:
     Assertions:
       - Assert: !Not [!Equals [!Ref pExistingBucketName, '']]
         AssertDescription: Existing bucket name is required when using an existing bucket
+  EmailAddressValidation:
+    RuleCondition: !Equals [!Ref pSRAAlarmEmail, '']
+    Assertions:
+      - Assert: !Not [!Equals [!Ref pSRAAlarmEmail, '']]
+        AssertDescription: Must provide a valid email address
 
 Conditions:
   cCreateNewBucket: !Equals
@@ -235,6 +240,9 @@ Resources:
               - Effect: Allow
                 Action: sqs:SendMessage
                 Resource: !GetAtt rGuardDutyS3ProtectionRuleDLQ.Arn
+      Tags:
+        - Key: sra-solution
+          Value: !Ref pSRASolutionName
 
   rGuardDutyS3ProtectionRuleDLQ:
     Type: AWS::SQS::Queue
@@ -414,7 +422,6 @@ Resources:
         Version: '2012-10-17'
       ManagedPolicyArns:
         - !Sub ${rIAMS3MalwareBucketPolicy.PolicyArn}
-            
       Tags:
         - Key: sra-solution
           Value: !Ref pSRASolutionName
@@ -437,7 +444,6 @@ Resources:
           Value: !Ref pSRASolutionName
 
   rS3MalwareProtectionPlanAlarmTopic:
-    # Condition: cCreateDLQAlarm
     Type: AWS::SNS::Topic
     Properties:
       DisplayName: !Sub ${pSRASolutionName}-alarm