monocdk-serverless-clamscan
Comparing version 1.1.73 to 1.2.0
API.md
@@ -67,3 +67,4 @@ # API Reference | ||
* **props** (<code>[ServerlessClamscanProps](#monocdk-serverless-clamscan-serverlessclamscanprops)</code>) A `ServerlessClamscanProps` interface. | ||
* **buckets** (<code>Array<[aws_s3.Bucket](#monocdk-aws-s3-bucket)></code>) An optional list of S3 buckets to configure for ClamAV Virus Scanning; __*Optional*__ | ||
* **acceptResponsibilityForUsingImportedBucket** (<code>boolean</code>) Allows the use of imported buckets. __*Optional*__ | ||
* **buckets** (<code>Array<[aws_s3.IBucket](#monocdk-aws-s3-ibucket)></code>) An optional list of S3 buckets to configure for ClamAV Virus Scanning; __*Optional*__ | ||
* **defsBucketAccessLogsConfig** (<code>[ServerlessClamscanLoggingProps](#monocdk-serverless-clamscan-serverlessclamscanloggingprops)</code>) Whether or not to enable Access Logging for the Virus Definitions bucket, you can specify an existing bucket and prefix (Default: Creates a new S3 Bucket for access logs ). __*Optional*__ | ||
@@ -84,2 +85,3 @@ * **efsEncryption** (<code>boolean</code>) Whether or not to enable encryption on EFS filesystem (Default: enabled). __*Optional*__ | ||
**resultDest** | <code>[aws_lambda.IDestination](#monocdk-aws-lambda-idestination)</code> | The Lambda Destination for completed ClamAV scans [CLEAN, INFECTED]. | ||
**scanAssumedPrincipal** | <code>[aws_iam.ArnPrincipal](#monocdk-aws-iam-arnprincipal)</code> | <span></span> | ||
**cleanRule**? | <code>[aws_events.Rule](#monocdk-aws-events-rule)</code> | Conditional: An Event Bridge Rule for files that are marked 'CLEAN' by ClamAV if a success destination was not specified.<br/>__*Optional*__ | ||
@@ -91,2 +93,3 @@ **defsAccessLogsBucket**? | <code>[aws_s3.IBucket](#monocdk-aws-s3-ibucket)</code> | Conditional: The Bucket for access logs for the virus definitions bucket if logging is enabled (defsBucketAccessLogsConfig).<br/>__*Optional*__ | ||
**resultBus**? | <code>[aws_events.EventBus](#monocdk-aws-events-eventbus)</code> | Conditional: The Event Bridge Bus for completed ClamAV scans if a success (onResult) destination was not specified.<br/>__*Optional*__ | ||
**useImportedBuckets**? | <code>boolean</code> | Conditional: When true, the user accepted the responsibility for using imported buckets.<br/>__*Optional*__ | ||
@@ -104,6 +107,6 @@ ### Methods | ||
```ts | ||
addSourceBucket(bucket: Bucket): void | ||
addSourceBucket(bucket: IBucket): void | ||
``` | ||
* **bucket** (<code>[aws_s3.Bucket](#monocdk-aws-s3-bucket)</code>) The bucket to add the scanning bucket policy and s3:ObjectCreate* trigger to. | ||
* **bucket** (<code>[aws_s3.IBucket](#monocdk-aws-s3-ibucket)</code>) The bucket to add the scanning bucket policy and s3:ObjectCreate* trigger to. | ||
@@ -113,4 +116,17 @@ | ||
#### getPolicyStatementForBucket(bucket) <a id="monocdk-serverless-clamscan-serverlessclamscan-getpolicystatementforbucket"></a> | ||
Returns the statement that should be added to the bucket policy in order to prevent objects to be accessed when they are not clean or there have been scanning errors: this policy should be added manually if external buckets are passed to addSourceBucket(). | ||
```ts | ||
getPolicyStatementForBucket(bucket: IBucket): PolicyStatement | ||
``` | ||
* **bucket** (<code>[aws_s3.IBucket](#monocdk-aws-s3-ibucket)</code>) The bucket which you need to protect with the policy. | ||
__Returns__: | ||
* <code>[aws_iam.PolicyStatement](#monocdk-aws-iam-policystatement)</code> | ||
## struct ServerlessClamscanLoggingProps <a id="monocdk-serverless-clamscan-serverlessclamscanloggingprops"></a> | ||
@@ -139,3 +155,4 @@ | ||
-----|------|------------- | ||
**buckets**? | <code>Array<[aws_s3.Bucket](#monocdk-aws-s3-bucket)></code> | An optional list of S3 buckets to configure for ClamAV Virus Scanning;<br/>__*Optional*__ | ||
**acceptResponsibilityForUsingImportedBucket**? | <code>boolean</code> | Allows the use of imported buckets.<br/>__*Optional*__ | ||
**buckets**? | <code>Array<[aws_s3.IBucket](#monocdk-aws-s3-ibucket)></code> | An optional list of S3 buckets to configure for ClamAV Virus Scanning;<br/>__*Optional*__ | ||
**defsBucketAccessLogsConfig**? | <code>[ServerlessClamscanLoggingProps](#monocdk-serverless-clamscan-serverlessclamscanloggingprops)</code> | Whether or not to enable Access Logging for the Virus Definitions bucket, you can specify an existing bucket and prefix (Default: Creates a new S3 Bucket for access logs ).<br/>__*Optional*__ | ||
@@ -142,0 +159,0 @@ **efsEncryption**? | <code>boolean</code> | Whether or not to enable encryption on EFS filesystem (Default: enabled).<br/>__*Optional*__ |
import { EventBus, Rule } from 'monocdk/aws-events'; | ||
import { ArnPrincipal, PolicyStatement } from 'monocdk/aws-iam'; | ||
import { IDestination } from 'monocdk/aws-lambda'; | ||
import { IBucket, Bucket } from 'monocdk/aws-s3'; | ||
import { IBucket } from 'monocdk/aws-s3'; | ||
import { Queue } from 'monocdk/aws-sqs'; | ||
@@ -26,3 +27,3 @@ import { Construct } from 'monocdk'; | ||
*/ | ||
readonly buckets?: Bucket[]; | ||
readonly buckets?: IBucket[]; | ||
/** | ||
@@ -49,2 +50,6 @@ * Optionally set a reserved concurrency for the virus scanning Lambda. | ||
readonly defsBucketAccessLogsConfig?: ServerlessClamscanLoggingProps; | ||
/** | ||
* Allows the use of imported buckets. When using imported buckets the user is responsible for adding the required policy statement to the bucket policy: `getPolicyStatementForBucket()` can be used to retrieve the policy statement required by the solution. | ||
*/ | ||
readonly acceptResponsibilityForUsingImportedBucket?: boolean; | ||
} | ||
@@ -118,2 +123,6 @@ /** | ||
readonly defsAccessLogsBucket?: IBucket; | ||
/** | ||
Conditional: When true, the user accepted the responsibility for using imported buckets | ||
*/ | ||
readonly useImportedBuckets?: boolean; | ||
private _scanFunction; | ||
@@ -132,2 +141,15 @@ private _s3Gw; | ||
/** | ||
* @returns ArnPrincipal the ARN of the assumed role principal for the scan function | ||
*/ | ||
get scanAssumedPrincipal(): ArnPrincipal; | ||
/** | ||
* Returns the statement that should be added to the bucket policy | ||
in order to prevent objects to be accessed when they are not clean | ||
or there have been scanning errors: this policy should be added | ||
manually if external buckets are passed to addSourceBucket() | ||
* @param bucket The bucket which you need to protect with the policy | ||
* @returns PolicyStatement the policy statement if available | ||
*/ | ||
getPolicyStatementForBucket(bucket: IBucket): PolicyStatement; | ||
/** | ||
* Sets the specified S3 Bucket as a s3:ObjectCreate* for the ClamAV function. | ||
@@ -138,3 +160,3 @@ Grants the ClamAV function permissions to get and tag objects. | ||
*/ | ||
addSourceBucket(bucket: Bucket): void; | ||
addSourceBucket(bucket: IBucket): void; | ||
} |
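Review bot: The doc comment on `addSourceBucket(bucket: IBucket)` in the last hunk still describes only the s3:ObjectCreate* trigger and the get/tag grants, so someone reading that method alone cannot tell that an imported bucket is left without the bucket-policy statement that blocks access to objects that are not clean; per the text on `acceptResponsibilityForUsingImportedBucket`, that statement must then be added by the caller. I would add a line there such as `* For imported buckets the bucket policy is not modified; add getPolicyStatementForBucket(bucket) to it yourself.` and state what happens when an imported bucket is passed without `acceptResponsibilityForUsingImportedBucket` set, which the declaration file does not show. Separately, `@returns PolicyStatement the policy statement if available` on `getPolicyStatementForBucket` does not match the non-optional return type `PolicyStatement`; either drop "if available" or document the unavailable case with a `@throws` line. The `scanAssumedPrincipal` getter has only an `@returns` tag and no summary, which is presumably why API.md renders an empty `<span></span>` for it; a one-line description would fix both. The `addSourceBucket` doc comment begins outside the visible hunk.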
@@ -88,3 +88,3 @@ { | ||
"license": "Apache-2.0", | ||
"version": "1.1.73", | ||
"version": "1.2.0", | ||
"jest": { | ||
@@ -91,0 +91,0 @@ "testMatch": [ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display