IAM Role

To enable the server to download S3 data, an IAM role with the policy AmazonS3ReadOnlyAccess attached is required. This role should be created and associated with the EC2 instance, granting it the necessary access rights.

Security Consideration

To enhance security, it is highly recommended to disable the public IP address associated with the instance. This measure helps restrict access to the API Server and mitigates potential risks.

Network Consideration

Deploy this server in the same availability zone as your existing infrastructure to minimize data transfer charges. Colocating the virus scan server with your other resources lets you take advantage of the low-cost or free data transfer within a zone. It also keeps the virus scan API server in the same network environment as your infrastructure, which makes communication faster and more efficient.

Cross-Machine File Scanning

If you need to scan files residing on different machines, you can utilize the NFS server enabled on the API server. Here's how:

  • Create a directory on your local machine to store the data you want to scan. For example:

    mkdir /tmp/data-to-scan

  • Mount the NFS shared directory from your Virus Scan Server AMI to your local machine using this command:

    sudo mount -t nfs api-server-ip-address:/elm/shared /tmp/data-to-scan

  • Any files stored in /tmp/data-to-scan on your local machine can be accessed and scanned by the Virus Scan Server AMI via http://api-server-ip-address:8080/api/clamav/scan/file

The NFS client can be installed on Ubuntu-like operating systems using

    sudo apt install nfs-common

and on Amazon Linux-like operating systems using

    sudo yum install nfs-utils
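
The mount step can be tied to the Security Consideration above. The script below is an added example, not part of the product documentation: it refuses to mount unless the server address is a private IPv4 address, and it mounts the share with nosuid, nodev and noexec so that files waiting for a scan cannot be executed from it. The function names, the RFC 1918 check and the mount options are assumptions of this example; /elm/shared and /tmp/data-to-scan come from the steps above.

```sh
#!/bin/sh
# Added example, not from the product documentation. SHARE and the default
# MOUNT_DIR come from the page; function names, the private-address check and
# the mount options are assumptions of this example.
SHARE=/elm/shared
MOUNT_DIR=${MOUNT_DIR:-/tmp/data-to-scan}

# Succeed only for a well-formed dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for RFC 1918 ranges: 10/8, 172.16/12, 192.168/16.
is_private_ipv4() {
    is_ipv4 "$1" || return 1
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

mount_scan_share() {
    server=$1
    if ! is_private_ipv4 "$server"; then
        echo "refusing $server: not a private IPv4 address" >&2
        return 1
    fi
    mkdir -p "$MOUNT_DIR"
    # Files waiting for a scan are untrusted: block execution, setuid, devices.
    sudo mount -t nfs -o nosuid,nodev,noexec "$server:$SHARE" "$MOUNT_DIR" || return 1
    # Confirm the share is mounted before copying anything into the directory.
    mountpoint -q "$MOUNT_DIR"
}

# Run only when a server address is passed: ./mount-scan-share.sh 10.0.1.25
if [ "$#" -gt 0 ]; then
    mount_scan_share "$1"
fi
```

A VPC that uses address ranges outside RFC 1918 would need the check in is_private_ipv4 adjusted to its own CIDR blocks.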