Amazon Connect attachment scanning
You can configure Amazon Connect to scan attachments that are sent during a chat or uploaded to a case. You can scan attachments for malware before they are approved to be shared between participants of a chat with bucketAV.
The following figure shows an interaction between a user and an agent. The user (on the left) uploads a clean file first, followed by a virus. The agent (on the right) only receives the clean file.
Setup
Requires bucketAV powered by ClamAV® version >= 2.9.0 or bucketAV powered by Sophos® version >= 2.0.0. To update to the latest version, follow the Update Guide.
The ReportCleanFiles configuration parameter must be set to
true
.
Install Add-On (requires a running bucketAV installation)
- Set the Stack name to
bucketav-connect
. - Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed the docs, the name is
bucketav
). - Select I acknowledge that AWS CloudFormation might create IAM resources.
- Click on the Create stack button to save.
- Wait for the stack to reach status
CREATE_COMPLETE
. - Click on the Outputs tab to get the ScannerLambdaFunctionName.
- Follow the Amazon Connect documentation to add an attachment scanner to your Amazon Connect instance and select the Lambda function returned in the previous step.
Terraform
resource "aws_cloudformation_stack" "bucketav_add_on_connect" {
name = "bucketav-connect"
template_url = "https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.0.1/bucketav-add-on-connect.yaml"
capabilities = ["CAPABILITY_IAM"]
parameters = {
BucketAVStackName = "bucketav" # if you followed the docs, the name is `bucketav`
}
}
Update
- To update this add-on to version v2.0.1, go to the AWS CloudFormation Management Console.
- Double-check the region at the top right.
- Search for
bucketav-connect
, otherwise search for the name you specified. - Select the stack and click on Update.
- Select Replace current template and set the Amazon S3 URL to
https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.0.1/bucketav-add-on-connect.yaml
Copy - Click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page and click on Next.
- Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
- While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
- … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Architecture
The following AWS services are used:
- DynamoDB Table to store scan results temporarily.
- SNS Subscription to connect to the Findings Topic.
- Lambda Function to store the scan results in DynampDB and to implement the Amazon Connect attachment scanner.
- CloudWatch Alarms to monitor the used AWS services.