Alpacked/terraform-clamav-s3

Description

This Terraform code deploys ClamAV from the bucket-antivirus-function repository, with some changes so that it runs inside Lambda.

The Terraform code was taken from the terraform-s3-clamav repository. I updated the Terraform to current best practice and fixed the problems that prevented ClamAV from running.

Our Terraform code works as of February 24, 2021.

It was tested on Terraform 0.13.6 and 0.14.6.

How it works

  • Each time a new object is added to a scanned bucket, S3 invokes the scan Lambda function for that object (the events that trigger it are set by the bucket_events input, by default s3:ObjectCreated:*).
  • A separate update Lambda function runs on a schedule (by default every three hours, see the event_* inputs) and refreshes the antivirus definitions in an S3 bucket; the scan function downloads the current definitions from that bucket when it is invoked.
  • The object is scanned for viruses and malware. Archive files are extracted and the files inside are scanned as well.
  • The object's tags are updated to reflect the result of the scan, CLEAN or INFECTED, along with the date and time of the scan.
  • If the object is tagged INFECTED, the bucket policy denies access to it, so it can no longer be opened or downloaded.
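The last bullet is the part that actually enforces quarantine, and it is worth seeing what such a policy looks like. The following is an added example written for this page, not code from this repository or from bucket-antivirus-function; it assumes the scan function records its verdict in an object tag named `av-status` (check the scan handler for the real tag key) and that the scan function's execution role ARN is passed in as `var.scan_role_arn`. It is deliberately stricter than a deny keyed on INFECTED alone: objects are unreadable until they carry a CLEAN tag, which also closes the window between upload and the completion of the scan, and only the scanner role may set or remove the tag, so an uploader cannot mark their own object CLEAN.

```hcl
# Added example, not part of this repository. Assumes the scan function tags
# objects with "av-status" = CLEAN | INFECTED and runs under var.scan_role_arn.
variable "quarantine_bucket" {
  description = "Name of one of the scanned buckets to attach the quarantine policy to"
  type        = string
}

variable "scan_role_arn" {
  description = "ARN of the IAM role the scan Lambda function runs under (assumed name)"
  type        = string
}

data "aws_s3_bucket" "scanned" {
  bucket = var.quarantine_bucket
}

data "aws_iam_policy_document" "quarantine" {
  # Deny reads of any object that is not tagged CLEAN, to everyone except the
  # scanner role. StringNotEquals evaluates to true when the tag is absent, so
  # freshly uploaded, not-yet-scanned objects are denied as well as INFECTED ones.
  statement {
    sid       = "DenyReadUnlessClean"
    effect    = "Deny"
    actions   = ["s3:GetObject"]
    resources = ["${data.aws_s3_bucket.scanned.arn}/*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "StringNotEquals"
      variable = "s3:ExistingObjectTag/av-status"
      values   = ["CLEAN"]
    }

    # Both conditions in one statement are ANDed: the scanner role is exempt,
    # because it must read the object to scan it and then tag it.
    condition {
      test     = "ArnNotEquals"
      variable = "aws:PrincipalArn"
      values   = [var.scan_role_arn]
    }
  }

  # Only the scanner role may write or delete object tags. Without this, any
  # principal with PutObjectTagging could tag an object CLEAN and bypass the
  # statement above.
  statement {
    sid       = "DenyTagChangesExceptScanner"
    effect    = "Deny"
    actions   = ["s3:PutObjectTagging", "s3:DeleteObjectTagging"]
    resources = ["${data.aws_s3_bucket.scanned.arn}/*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "ArnNotEquals"
      variable = "aws:PrincipalArn"
      values   = [var.scan_role_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "quarantine" {
  bucket = data.aws_s3_bucket.scanned.id
  policy = data.aws_iam_policy_document.quarantine.json
}
```

Because the first statement is a Deny against every principal, it also applies to the account's administrators; keep a break-glass path (for example an additional exempted role ARN in the ArnNotEquals list) before applying it to a bucket that holds data you still need to reach if the scanner breaks.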

What the result looks like after scanning

A clean object:

  • [screenshot: object tags showing CLEAN]
  • in the CloudWatch logs: [screenshot: CloudWatch log entry for a clean scan]

An infected object:

  • [screenshot: object tags showing INFECTED]
  • in the CloudWatch logs: [screenshot: CloudWatch log entry for an infected scan]

How to spin up infrastructure

  1. git clone git@github.com:Alpacked/terraform-clamav-s3.git
  2. cd terraform-clamav-s3
  3. Create a main.tfvars file with the correct aws_region and a buckets_to_scan list naming the buckets ClamAV should scan
  4. Run terraform init
  5. Run terraform plan -var-file=main.tfvars
  6. Run terraform apply -var-file=main.tfvars

NOTE: You can find an example of the tfvars file in the folder examples

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_region | The region the infrastructure will be deployed in. | string | n/a | yes |
| bucket_events | The S3 events for which notifications are sent to the scan function. | list(string) | ["s3:ObjectCreated:*"] | no |
| buckets_to_scan | The buckets which need scanning. | list(string) | n/a | yes |
| event_description | The description of the CloudWatch Events rule that triggers the definitions update. | string | "Fires every three hours" | no |
| event_name | The name of the CloudWatch Events rule. | string | "every_three_hours" | no |
| event_schedule_expression | The scheduling expression of the rule. | string | "rate(3 hours)" | no |
| lambda_action | The Lambda action allowed in the permission statement. | string | "lambda:InvokeFunction" | no |
| lambda_runtime | Identifier of the functions' runtime. | string | "python3.7" | no |
| lambda_scan_principal | The principal granted permission to invoke the scan function, e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com. | string | "s3.amazonaws.com" | no |
| lambda_timeout | Amount of time, in seconds, the Lambda functions have to run. | number | 300 | no |
| lambda_update_principal | The principal granted permission to invoke the update function, e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com. | string | "events.amazonaws.com" | no |
| scan_handler | Entrypoint of the scan function. | string | "scan.lambda_handler" | no |
| scan_memory_size | Amount of memory, in MB, the scan function can use at runtime. | number | 2048 | no |
| update_handler | Entrypoint of the update function. | string | "update.lambda_handler" | no |
| update_memory_size | Amount of memory, in MB, the update function can use at runtime. | number | 1024 | no |
