Skip to content
Creates and configures Anti-Virus Scanning of S3 Buckets.
HCL
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci
.markdownlintrc
.pre-commit-config.yaml
.terraform-version
LICENSE
README.md
anti-virus-scan.tf
anti-virus-update.tf
main.tf
variables.tf

README.md

terraform-aws-s3-anti-virus

Creates an AWS Lambda function to do anti-virus scanning of objects in AWS S3 using bucket-antivirus-function

While waiting for updates on that repo you will need to use a special fork and branch:

git clone git@github.com:chrisgilmerproj/bucket-antivirus-function.git
git checkout cg_all_prs

With that repo checked out you must run the make command and then copy the resulting zip file to AWS S3 with:

aws s3 cp bucket-antivirus-function-chris/build/lambda.zip s3://lambda-builds-us-west-2/anti-virus/VERSION/anti-virus.zip

Creates the following resources for anti-virus updates:

  • IAM role for Lambda function to update Anti-Virus databases in S3
  • CloudWatch Event to trigger function on a schedule.
  • AWS Lambda function to download Anti-Virus databases files to S3

Creates the following resources for anti-virus scanning:

  • IAM role for Lambda function to scan files in S3
  • S3 Event to trigger function on object creation
  • AWS Lambda function to scan S3 object and send alert to slack if any objects are infected and quarantined.

Usage

module "s3_anti_virus" {
  source = "../../modules/aws-s3-anti-virus"

  lambda_s3_bucket = "lambda-builds-us-west-2"
  lambda_version   = "1.0"
  lambda_package   = "anti-virus"

  av_update_minutes = "180"
  av_scan_buckets   = ["bucket-name"]

  av_definition_s3_bucket   = "av-update-bucket-name"
  av_definition_s3_prefix   = "anti-virus"
  av_scan_start_sns_arn = "sns-topic-name"
  av_status_sns_arn     = "sns-topic-name"
}

Inputs

Name Description Type Default Required
av_definition_s3_bucket Bucket containing antivirus databse files. string n/a yes
av_definition_s3_prefix Prefix for antivirus databse files. string "clamav_defs" no
av_scan_buckets A list of S3 bucket names to scan for viruses. list n/a yes
av_scan_start_sns_arn SNS topic ARN to publish notification about start of scan (optional). string "" no
av_status_sns_arn SNS topic ARN to publish scan results (optional). string "" no
av_status_sns_publish_clean Publish AV_STATUS_CLEAN results to AV_STATUS_SNS_ARN. string "True" no
av_status_sns_publish_infected Publish AV_STATUS_INFECTED results to AV_STATUS_SNS_ARN. string "True" no
av_update_minutes How often to download updated Anti-Virus databases. string "180" no
cloudwatch_logs_retention_days Number of days to keep logs in AWS CloudWatch. string "90" no
lambda_package The name of the lambda package. Used for a directory tree and zip file. string "anti-virus" no
lambda_s3_bucket The name of the S3 bucket used to store the Lambda builds. string n/a yes
lambda_version The version the Lambda function to deploy. string n/a yes
You can’t perform that action at this time.