To enable the server to download S3 data, an IAM role with the policy AmazonS3ReadOnlyAccess attached is required. This role should be created and associated with the EC2 instance, granting it the necessary access rights.
To enhance security, it is highly recommended to disable the public IP address associated with the instance. This measure helps restrict access to the API Server and mitigates potential risks.
It is suggested to deploy this server within the same availability zone as your existing infrastructure to minimize data transfer charges. By colocating the virus scan server and your other resources in the same availability zone, you can leverage the low-cost or free data transfer within the same zone. And it ensures that the virus scan API server operates within the same network environment as your infrastructure, enabling faster and more efficient communication while minimizing data transfer costs.