Amazon Connect attachment scanning

This feature is only available for bucketAV for Amazon S3!

You can configure Amazon Connect to scan attachments that are sent during a chat or uploaded to a case. You can scan attachments for malware before they are approved to be shared between participants of a chat with bucketAV.

The following figure shows an interaction between a user and an agent. The user (on the left) uploads a clean file first, followed by a virus. The agent (on the right) only receives the clean file.

Amazon Connect user uploading attachments in a chat

Setup (#)

Requires bucketAV for Amazon S3 powered by ClamAV® version >= 2.9.0, or bucketAV for Amazon S3 powered by Sophos® version >= 2.0.0.
To update to the latest version, follow the Update Guide.

The ReportCleanFiles configuration parameter must be set to true.

Install Add-On (requires a running bucketAV installation)

  1. Set the Stack name to bucketav-connect.
  2. Set the BucketAVStackName parameter to the stack name of bucketAV (if you followed the docs, the name is bucketav).
  3. Select I acknowledge that AWS CloudFormation might create IAM resources.
  4. Click on the Create stack button to save.
  5. Wait for the stack to reach status CREATE_COMPLETE.
  6. Click on the Outputs tab to get the ScannerLambdaFunctionName.
  7. Follow the Amazon Connect documentation to add an attachment scanner to your Amazon Connect instance and select the Lambda function returned in the previous step.
Not available. Please contact us if you have a use case for it!

CloudFormation snippet (#)

# [...]
Resources:
  # [...]
  Connect:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        BucketAVStackName: 'bucketav' # if you followed the docs, the name is bucketav
      TemplateURL: 'https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.2.1/bucketav-add-on-connect.yaml'
Not available. Please contact us if you have a use case for it!

Terraform snippet (#)

resource "aws_cloudformation_stack" "bucketav_add_on_connect" {
  name         = "bucketav-connect"
  template_url = "https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.2.1/bucketav-add-on-connect.yaml"
  capabilities = ["CAPABILITY_IAM"]
  parameters = {
    BucketAVStackName = "bucketav" # if you followed the docs, the name is bucketav
  }
}
Not available. Please contact us if you have a use case for it!

Update (#)

Which version am I using?

  1. To update this Add-On to version v2.2.1, go to the AWS CloudFormation Management Console.
  2. Double-check the region at the top right.
  3. Search for bucketav-connect, otherwise search for the name you specified.
  4. Select the stack and click on Update.
  5. Select Replace current template and set the Amazon S3 URL to https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.2.1/bucketav-add-on-connect.yaml Copy
  6. Click on Next.
  7. Scroll to the bottom of the page and click on Next.
  8. Scroll to the bottom of the page and click on Next.
  9. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack.
  10. While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and …
  11. … wait until the CloudFormation stack status switches to UPDATE_COMPLETE.
Not available. Please contact us if you have a use case for it!

Architecture (#)

The following AWS services are used:

  • DynamoDB Table to store scan results temporarily.
  • SNS Subscription to connect to the Findings Topic.
  • Lambda Function to store the scan results in DynampDB and to implement the Amazon Connect attachment scanner.
  • CloudWatch Alarms to monitor the used AWS services.
  • CloudWatch Logs to store logs.

Release Notes (#)

Subscribe to our Atom feed or newsletter to stay up-to-date! We also publish a machine-readable JSON file.

v2.2.1

Changes:

  • Bug fixes

Release date:2024-07-09

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.2.1/bucketav-add-on-connect.yaml

v2.2.0

Changes:

  • Update Lambda runtime to Node.js 20

Release date:2024-02-14

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.2.0/bucketav-add-on-connect.yaml

v2.1.0

Changes:

  • Add Service Discovery

Release date:2023-12-07

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.1.0/bucketav-add-on-connect.yaml

v2.0.1

Changes:

  • Bug fixes

Release date:2023-11-16

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.0.1/bucketav-add-on-connect.yaml

v2.0.0

Changes:

  • Initial release

Release date:2023-11-15

Template: https://bucketav-add-ons.s3.eu-west-1.amazonaws.com/connect/v2.0.0/bucketav-add-on-connect.yaml

Not available. Please contact us if you have a use case for it!

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email