Alarm if infected files are found Add-On
This add-on is deprecated. Use the reporting add-on instead!
This add-on creates a CloudWatch Alarm to notify you via email if infected files are found in the past N seconds.
Table of Contents
Setup
- Set the Stack name to
bucketav-alarm
. - Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed our docs, the name is
bucketav
, ors3-virusscan
for older installations). - Set the Email parameter to your email address.
- Click on the Create stack button to save.
- You will receive an email (subject: AWS Notification - Subscription Confirmation) with a confirmation link that you have to visit.
Terraform
resource "aws_cloudformation_stack" "bucketav_add_on_alarm" {
name = "bucketav-alarm"
template_url = "https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/alarm/v2.0.0/bucketav-add-on-alarm.yaml"
capabilities = ["CAPABILITY_IAM"]
parameters = {
BucketAVStackName = "bucketav" # if you followed our docs, the name is `bucketav`, or `s3-virusscan` for older installations
Email = "name@domain.todo" # TODO replace email address
}
}
Update
- To update this add-on to version v2.0.0, go to the AWS CloudFormation Management Console .
- Double-check the region at the top right.
- Search for
bucketav-alarm
(ors3-virusscan-alarm
for older installations), otherwise search for the name you specified. - Select the stack and click on Update.
- Select Replace current template and set the Amazon S3 URL to
https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/alarm/v2.0.0/bucketav-add-on-alarm.yaml
Copy - Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Architecture
The following AWS services are used:
- CloudWatch Alarms to monitor if infected files are found.
- SNS Topic & Subscription to send out emails.