From 4164f72d0eb41a4e356e79509de6c4790753a3c0 Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 24 Sep 2025 15:57:32 -0400
Subject: [PATCH] - 1.0.5 -- 2025-09-25 - add reources to the GD event rule to limit it to the specific bucket. If there are multiple deployments in the same account, they will all get the GD events otherwise.
---
 CHANGELOG.md | 4 ++++
 eventbridge.guardduty.tf | 1 +
 version.tf | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c9a0f8d..b669613 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,3 +16,7 @@
 - 1.0.4 -- 2025-08-19
 - change dlq_event_age default from 3600 to 300
+
+- 1.0.5 -- 2025-09-25
+ - add reources to the GD event rule to limit it to the specific bucket. If there are multiple deployments in the same account,
+ they will all get the GD events otherwise.
diff --git a/eventbridge.guardduty.tf b/eventbridge.guardduty.tf
index 6214aa1..d9adb3a 100644
--- a/eventbridge.guardduty.tf
+++ b/eventbridge.guardduty.tf
@@ -76,6 +76,7 @@ module "eventbridge_guardduty" {
 event_pattern = jsonencode({
 "source" = ["aws.guardduty"]
 "detail-type" = ["GuardDuty Malware Protection Object Scan Result"]
+ "resources" : [format("%v/*", [module.files_in.s3_bucket_arn])]
 })
 }
 }
diff --git a/version.tf b/version.tf
index aacb4bc..3038995 100644
--- a/version.tf
+++ b/version.tf
@@ -1,4 +1,4 @@
 locals {
 _module_name = "aws-app-ditd-darhts-s3-transfer"
- _module_version = "1.0.4"
+ _module_version = "1.0.5"
 }
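Review bot: The added `"resources"` filter in `event_pattern` (eventbridge.guardduty.tf hunk) looks like it can never match, which would silently stop every GuardDuty malware scan result from reaching this rule's targets. `format("%v/*", [module.files_in.s3_bucket_arn])` passes a one-element list to `%v`, so the rendered string should carry the list's brackets and quotes around the ARN, and EventBridge compares plain strings exactly, so a trailing `/*` is not a wildcard unless it is written as a `{ "wildcard" = ... }` or `{ "prefix" = ... }` matcher. As far as I know the top-level `resources` of this event type holds the malware protection plan ARN rather than the object ARN, so scoping by bucket is safer on the detail field, e.g. `"detail" = { "s3ObjectDetails" = { "bucketName" = [<bucket-name output of module.files_in>] } }`. The `module "eventbridge_guardduty"` block starts and ends outside the hunk, so confirm with a test scan that a result event still arrives after the change and that a scan on another deployment's bucket does not.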