Setup Guide (Cloudflare R2)

Get started with bucketAV in 15 minutes. Follow this Setup Guide to:

  • Subscribe to and install bucketAV.
  • Scan your Cloudflare R2 buckets when new files arrive (optional).
  • Scan your Cloudflare R2 buckets periodically (optional).
  • Configure a weekly report (optional).

Do you have any questions? Please read the documentation and frequently asked questions, or email us.

Create an EC2 key pair (#)

bucketAV requires an EC2 Key Pair. To create a key pair:

  1. Go to the EC2 Management Console and navigate to Key Pairs.
  2. Click on Create key pair.
  3. Set a Name (e.g., bucketav).
  4. Select the Private key file format that fits your SSH client (.ppk for PuTTY; otherwise, .pem).
  5. Click on Create key pair. Step 1

Prepare Cloudflare account (#)

bucketAV requires an R2 subscription, Workers Paid plan subscription, API token and R2 access key.

  1. You need a R2 subscription to use Cloudflare R2.
  2. You need a Workers Paid plan subscription to use Cloudflare Workers and Queues.
  3. Create an API token to provide read and edit access to Queues, Workers, and R2 (manage queue, manage worker, manage R2 event notifications):
    • Open the Cloudflare dashboard.
    • Open your Profile. Cloudflare: step 1
    • Navigate to API Tokens and click Create Token. Cloudflare: step 2
    • Scroll down to the bottom. Next to Create Custom Token, click on Get started. Cloudflare: step 3
    • Set Token Name to bucketav.
    • Set Permissions to:
      • Account | Queues | Read |
      • Account | Queues | Edit |
      • Account | Workers R2 Storage | Read |
      • Account | Workers R2 Storage | Edit |
      • Account | Workers Scripts | Read |
      • Account | Workers Scripts | Edit |
    • Click Continue to summary. Cloudflare: step 4
    • Click Create token. Cloudflare: step 5
    • Save the token for later. Cloudflare: step 6
  4. Create an R2 access key to provide admin access to R2 (list buckets, read & write objects):
    • In the Cloudflare dashboard, navigate to R2 and click Manage R2 API Tokens. Cloudflare: step 7
    • Click Create API token. Cloudflare: step 8
    • Set Token name to bucketav.
    • Set Permissions to Admin Read & Write.
    • Click Create API token. Cloudflare: step 9
    • Copy Access Key ID and Secret Access Key. Cloudflare: step 10

Request 14-day free trial (#)

Try bucketAV risk-free with our 14-day free trial.

The free trial covers the bucketAV software costs. Please note that AWS infrastructure and Amzon S3 API costs are not covered.

Subscribe to bucketAV in AWS Marketplace (#)

bucketAV supports two engines: Sophos® and ClamAV®. The following table compares the two engines. Pick the engine, that fits your needs and click on the Go to AWS Marketplace button.

bucketAV for Cloudflare R2 powered by ClamAV®bucketAV for Cloudflare R2 powered by Sophos®
Open-source antivirus engineCommercial antivirus engine
Immediate zero-day protection
Medium performanceHigh performance
Maximum file size 2 GBMaximum file size 5 TB
Standard support via emailPriority support via email
$0.025 per vCPU hour$0.025 per vCPU hour
$0.20 per scanned GB
Go to AWS MarketplaceGo to AWS Marketplace

After you selected the engine, that fits your need by clicking one of the Go to AWS Marketplace links, proceed with the following steps.

  1. Click on Continue to Subscribe. Step 1
  2. Click on Accept Terms. Step 2
  3. The subscription is now Pending. Step 3
  4. Wait until the subscription is active and click on Continue to Configuration. Step 4
  5. We provide three Delivery Methods:
    Delivery MethodDescriptionArchitecture
    Dedicated public VPC
    (recommended)
    The recommended and cost-efficient option where the network setup is included.Open diagram
    Dedicated private VPCThe EC2 instances run in private subnets (additional traffic charges apply). We recommend this option only if your internal security guidelines require it.Open diagram
    Existing VPCDeploy bucketAV into an existing VPC. Deploying bucketAV into an existing VPC increases the setup effort and the complexity. Read the Existing VPC Network Guide to prepare your VPC configuration.Open diagram
  6. Click on Continue to Launch. Step 5
  7. Choose the Action Launch CloudFormation and click on Launch. Step 6
  8. You are redirected to CloudFormation.

Install bucketAV (#)

bucketAV is managed and configured via CloudFormation.

  1. Click on Next. Step 7
  2. Set a Stack name (e.g., bucketav).
  3. Under Required Parameters:
    1. Set the KeyName configuration parameter to an EC2 Key Pair name.
    2. Set the CloudflareAccountId configuration parameter to your Cloudflare account ID.
    3. Set the CloudflareApiToken configuration parameter to the API token created earlier.
    4. Set the CloudflareAccessKeyId configuration parameter to the access key ID created earlier.
    5. Set the CloudflareAccessKeySecret configuration parameter to the access key secret created earlier.
  4. Review the rest of the configuration parameters and go with the defaults (recommended). Step 8
  5. Scroll to the bottom of the page and click on Next. Step 9
  6. Scroll to the bottom of the page and click on Next. Step 10
  7. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Create. Step 11
  8. The stack status is CREATE_IN_PROGRESS. Reload the table from time to time and … Step 12
  9. … wait until the CloudFormation stack status switches to CREATE_COMPLETE. Step 13

bucketAV is now up and running.

Update bucketAV regularly to keep the product secure.

Receive a monthly digest of security updates, new capabilities, and best practices.

Continue to connect your R2 buckets.

Configure your R2 buckets (#)

  1. Visit the AWS CloudWatch Management Console.
  2. Navigate to Dashboards.
  3. Select the dashboard starting with the name bucketav followed by the name of the AWS region—for example, bucketav-eu-west-1. Step 1
  4. Find the Buckets tile. Enable real-time file scanning for each bucket you want by clicking the Enable button. Step 2
  5. Enable scheduled bucket scanning for each bucket you want by clicking the Enable button. Step 5

Continue to configure reporting and open the dashboard.

Reporting & Visibility (#)

Install the Reporting Add-On to receive a daily/weekly/monthly email report.

Check out the dashboard for complete visibility into bucketAV.

Do you have any questions? (#)

Check out the frequently asked questions, or send us an email.

Stay up-to-date

Monthly digest of security updates, new capabilities, and best practices.