IAM Role
To enable the server to download S3 data, an IAM role with the policy AmazonS3ReadOnlyAccess attached is required. This role should be created and associated with the EC2 instance, granting it the necessary access rights.
Security Consideration
To enhance security, it is highly recommended to disable the public IP address associated with the instance. This measure helps restrict access to the API Server and mitigates potential risks.
Network Consideration
It is suggested to deploy this server within the same availability zone as your existing infrastructure to minimize data transfer charges. Colocating the virus scan server and your other resources in the same availability zone lets you leverage the low-cost or free data transfer within that zone. It also keeps the virus scan API server in the same network environment as your infrastructure, enabling faster and more efficient communication.
Cross-Machine File Scanning
If you need to scan files residing on different machines, you can utilize the NFS server enabled on the API server. Here's how:
- Create a directory on your local machine to store the data you want to scan. For example:
    mkdir /tmp/data-to-scan
- Mount the NFS shared directory from your Virus Scan Server AMI to your local machine using this command:
    sudo mount -t nfs api-server-ip-address:/elm/shared /tmp/data-to-scan
- Any files stored in /tmp/data-to-scan on your local machine can be accessed and scanned by the Virus Scan Server AMI via http://api-server-ip-address:8080/api/clamav/scan/file
The NFS client can be installed using
    sudo apt install nfs-common
on Ubuntu-like operating systems, and
    sudo yum install nfs-utils
on Amazon Linux-like operating systems.
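The mount steps above, combined with the recommendation to keep the instance off a public IP, as an added example that is not part of the original page or the AMI's own tooling: it refuses a server address outside the private IPv4 ranges and mounts the share with nosuid,nodev,noexec. The function names, the DRY_RUN switch, the private-address check and the mount options are assumptions of this example; 10.0.1.25 is a constructed sample address.

```sh
#!/bin/sh
# Added example (not the AMI vendor's code). Assumed names: is_private_ipv4,
# mount_scan_share, DRY_RUN; 10.0.1.25 below is a constructed sample address.

# Succeed only for a well-formed RFC 1918 IPv4 address.
is_private_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Mount <server>:/elm/shared on a local directory (default /tmp/data-to-scan).
# nosuid,nodev,noexec: files waiting for a scan are untrusted, so nothing on
# the share may run, gain privileges or act as a device node on this client.
mount_scan_share() {
    server=$1
    dir=${2:-/tmp/data-to-scan}
    if ! is_private_ipv4 "$server"; then
        echo "refusing to mount: $server is not a private IPv4 address" >&2
        return 1
    fi
    opts=nosuid,nodev,noexec
    if [ "${DRY_RUN:-0}" = 1 ]; then      # print the command, change nothing
        echo "sudo mount -t nfs -o $opts $server:/elm/shared $dir"
        return 0
    fi
    mkdir -p "$dir" &&
        sudo mount -t nfs -o "$opts" "$server:/elm/shared" "$dir" &&
        mountpoint -q "$dir"              # confirm the share is really mounted
}

# Usage: DRY_RUN=1 mount_scan_share 10.0.1.25
```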