Triggers ClamAV scans of newly created S3 objects and updates each object with the scan results. The S3 events are sent to an SQS queue, where they are processed by the Scan Files API.
- To use the default values for the following variables, your account must be part of our AWS organization:
  - scan_files_role_arn
  - s3_scan_object_role_arn
- You can build your own Lambda Docker image using the code in cds-snc/scan-files/module/s3-scan-object.
No requirements.
No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| billing_tag_key | (Optional, default 'CostCentre') The name of the billing tag | string | "CostCentre" | no |
| billing_tag_value | (Required) The value of the billing tag | string | n/a | yes |
| s3_scan_object_role_arn | (Optional, default S3 Scan Object role) S3 scan object lambda execution role ARN | string | "arn:aws:iam::806545929748:role/s3-scan-object" | no |
| s3_upload_bucket_names | (Required) Names of the existing S3 upload buckets to scan objects in. | list(string) | n/a | yes |
| s3_upload_bucket_policy_create | (Optional, default 'true') Create the S3 upload bucket policy to allow Scan Files access. | bool | true | no |
| scan_files_assume_role_create | (Optional, default 'true') Create the IAM role that Scan Files assumes. Defaults to `true`. If this is set to `false`, it is assumed that the role already exists in the account. | bool | true | no |
| scan_files_role_arn | (Optional, default Scan Files API role) Scan Files lambda execution role ARN | string | "arn:aws:iam::806545929748:role/scan-files-api" | no |
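
A module call for an account that is not part of the organization, setting both role ARNs explicitly instead of relying on the defaults. This is an added example, not taken from the module's own documentation: the module source, the account ID `111122223333`, the role names, the bucket names and the billing tag value are all constructed placeholders.

```hcl
# Added example: every value below is a constructed placeholder.
module "s3_scan_object" {
  # Assumption: replace with the real source address of this module.
  source = "REPLACE_WITH_MODULE_SOURCE"

  # Existing upload buckets whose newly created objects should be scanned.
  s3_upload_bucket_names = ["example-uploads-a", "example-uploads-b"]

  # Required billing tag value; the key is left at its default, "CostCentre".
  billing_tag_value = "example-cost-centre"

  # The default ARNs only apply inside the organization, so both
  # execution roles are pointed at roles you control (hypothetical ARNs).
  scan_files_role_arn     = "arn:aws:iam::111122223333:role/scan-files-api"
  s3_scan_object_role_arn = "arn:aws:iam::111122223333:role/s3-scan-object"

  # Let the module create the bucket policy that allows Scan Files access.
  s3_upload_bucket_policy_create = true

  # Let the module create the IAM role that Scan Files assumes.
  # Set to false only if that role already exists in the account.
  scan_files_assume_role_create = true
}
```

Before applying, review the plan output for the generated bucket policy and assume-role trust policy to confirm they grant access only to the role ARNs you supplied.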