diff --git a/CHANGELOG.md b/CHANGELOG.md
index c9a0f8d..b669613 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,3 +16,7 @@
 - 1.0.4 -- 2025-08-19
 - change dlq_event_age default from 3600 to 300
+
+- 1.0.5 -- 2025-09-25
+ - add reources to the GD event rule to limit it to the specific bucket. If there are multiple deployments in the same account,
+ they will all get the GD events otherwise.
diff --git a/eventbridge.guardduty.tf b/eventbridge.guardduty.tf
index 6214aa1..d9adb3a 100644
--- a/eventbridge.guardduty.tf
+++ b/eventbridge.guardduty.tf
@@ -76,6 +76,7 @@ module "eventbridge_guardduty" {
 event_pattern = jsonencode({
 "source" = ["aws.guardduty"]
 "detail-type" = ["GuardDuty Malware Protection Object Scan Result"]
+ "resources" : [format("%v/*", [module.files_in.s3_bucket_arn])]
 })
 }
 }
diff --git a/version.tf b/version.tf
index aacb4bc..3038995 100644
--- a/version.tf
+++ b/version.tf
@@ -1,4 +1,4 @@
 locals {
 _module_name = "aws-app-ditd-darhts-s3-transfer"
- _module_version = "1.0.4"
+ _module_version = "1.0.5"
 }
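Review bot: The added `"resources"` filter in `event_pattern` looks like it can never match, so the rule would stop delivering scan results instead of scoping them to one bucket. `format("%v/*", [module.files_in.s3_bucket_arn])` passes a list to `%v`, which Terraform renders in JSON form (roughly `["arn:..."]/*`), and EventBridge compares plain strings exactly, so a trailing `/*` is not a wildcard unless it is written as `{ "wildcard" = "..." }`. As far as I recall from the AWS sample event, top-level `resources` carries the Malware Protection plan ARN and the bucket is in `detail.s3ObjectDetails.bucketName`, so a filter such as `"detail" = { "s3ObjectDetails" = { "bucketName" = [<files_in bucket name>] } }` is probably what is wanted; please confirm against a captured event. A silent no-match means malware verdicts are never acted on, so a post-deploy check that a test upload still reaches the rule's target is worth adding. The `module "eventbridge_guardduty"` block begins outside this hunk, so the rule's targets are not visible here.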