IAM Role Configuration

To facilitate the server's access to Google Cloud Storage data, it is essential to assign appropriate IAM roles. The instance should be configured with a service account that has the storage.objectViewer role for the required GCS buckets. This ensures the necessary permissions for data retrieval.

Enhancing Security

For enhanced security, it is strongly advised to disable the public IP address associated with the instance or use a firewall rule to restrict access to the API Server. This precautionary measure limits access to the API Server, thereby reducing potential security risks.

Optimizing Network Deployment

To minimize data transfer costs, it is recommended to deploy the server within the same region as your existing infrastructure. By colocating the virus scan server and your other resources in the same region, you can take advantage of the free data transfer within the same region. This setup also ensures that the virus scan API server operates within the same network environment as your infrastructure, enabling faster and more efficient communication while minimizing data transfer costs.

VM size

The server requires a minimum of 3GB of memory to function properly, as it needs to load the virus database into memory for fast scanning. Using instances with less than 3GB of memory could cause ClamAV to fail during virus definition updates and scanning operations. The recommended VM size is 2 CPU cores and 4GB of memory.