IAM Role Configuration

To let the server read data from S3, create an IAM role with the AmazonS3ReadOnlyAccess policy attached and link it to the EC2 instance. The role gives the instance the permissions it needs for data retrieval.

Enhancing Security

For enhanced security, it is strongly advised to disable the public IP address associated with the instance. This limits access to the API server and reduces potential security risks.

Optimizing Network Deployment

To minimize data transfer costs, it is recommended to deploy the server within the same availability zone as your existing infrastructure. Colocating the virus scan server with your other resources lets you take advantage of the low-cost or free data transfer within a zone. It also places the virus scan API server in the same network environment as your infrastructure, enabling faster and more efficient communication.

Cross-Machine File Scanning

To scan files located on different machines, you can leverage the NFS server enabled on the API server. Follow these steps:

  • On your local machine, create a directory to store the data you want to scan. For example:

    mkdir /tmp/data-to-scan

  • Use the following command to mount the NFS shared directory from your Virus Scan Server AMI to your local machine:

    sudo mount -t nfs api-server-ip-address:/elm/shared /tmp/data-to-scan

  • Files stored in /tmp/data-to-scan on your local machine can be accessed and scanned by the Virus Scan Server AMI via http://api-server-ip-address:8080/api/clamav/scan/file

To install the NFS client, use the following commands for Ubuntu-like and Amazon Linux-like operating systems, respectively:

    sudo apt install nfs-common

    sudo yum install nfs-utils
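
If the mount step above fails or is skipped, /tmp/data-to-scan is only a local folder and the scan server never sees the files placed in it. The following is an added example, not part of the Virus Scan Server AMI or its documentation: it checks the mount table before staging a file in the share. The function names are hypothetical, and the table is assumed to be in /proc/mounts format.

```shell
#!/bin/sh
# Added example (hypothetical helper names): make sure the directory is
# really the scan server's NFS export before copying files into it.

EXPORT_PATH="/elm/shared"   # export path used in the mount command above

# Print "<device> <fstype>" for the file system mounted at directory $1,
# reading mount table $2 (default /proc/mounts). The last matching line
# wins, because a later mount hides an earlier one on the same directory.
# Prints nothing when $1 is not a mount point.
mount_source() {
    awk -v dir="$1" '
        $2 == dir { src = $1; fs = $3 }
        END { if (src != "") print src, fs }
    ' "${2:-/proc/mounts}"
}

# Succeed only if directory $1 is an NFS mount of <server $2>:/elm/shared.
# $3 optionally names the mount table to read.
is_scan_share() {
    entry=$(mount_source "$1" "${3:-/proc/mounts}")
    src=${entry% *}       # device field, e.g. server:/elm/shared
    fstype=${entry##* }   # file system type field
    case "$fstype" in
        nfs|nfs4) ;;
        *) return 1 ;;
    esac
    [ "$src" = "$2:$EXPORT_PATH" ]
}

# Copy file $1 into share directory $2 for server $3 and print the path
# of the staged copy. Refuses when $2 is not the expected NFS mount.
stage_for_scan() {
    file=$1 dir=$2 server=$3 table=${4:-/proc/mounts}
    if ! is_scan_share "$dir" "$server" "$table"; then
        echo "refusing: $dir is not $server:$EXPORT_PATH over NFS" >&2
        return 1
    fi
    cp -- "$file" "$dir/" && echo "$dir/$(basename -- "$file")"
}

# Usage: stage_for_scan ./upload.bin /tmp/data-to-scan api-server-ip-address
```

Pass the same server address that was used in the mount command, since the check compares it literally against the device field of the mount table.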