How can I delete a file once its been tagged as INFECTED? #582
Comments
Hi! There are multiple ways to handle this with event bridge considering the different targets you can use. A simple solution may be adding a Lambda Target to the infected rule and have the Lambda function delete the object from S3.
Thanks for the quick response @dontirun
But there is nothing sent in this response about the file in S3 which it detected (unless I am missing something). Is there a way in the payload to get the ARN or path to the S3 object it's scanning?
This is the payload from the lambda function (includes the source bucket and key) I believe if you use
Looking at this blogpost
My apologies, it looks like the default infected rule created by the construct may not contain that information. We may have to make a PR to change that if the '$.detail' object does not contain the correct information.
Thanks @dontirun.

> onResult (aws_lambda.IDestination) The Lambda Destination for files marked 'CLEAN' or 'INFECTED' based on the ClamAV Virus scan or 'N/A' for scans triggered by S3 folder creation events marked (Default: Creates and publishes to a new Event Bridge Bus if unspecified). Optional

Would I just literally add a lambda function into the main construct like

```typescript
const sc = new ServerlessClamscan(this, 'Clamscan', {
  acceptResponsibilityForUsingImportedBucket: true,
  onResult: lambdaarnhere?
});
```

Would that feed across the bucket name and bucket key of the file? So then in that lambda function I create, I can just delete the S3 file there? Do you know what gets passed to the lambda function using the

I'm trying to figure out the best way to delete the S3 file after it's been marked as infected.
You would have to set up the destination (so not exactly just an ARN), but this payload will be present.
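An added example (not from this thread or the cdk-serverless-clamscan project) of the Lambda target suggested above: it reads the scan result out of the onResult destination event and deletes the object only when the status is INFECTED. The field names input_bucket, input_key and status under detail.responsePayload are assumptions about the scan function's return value, so check them against the payload your deployment actually emits.

```python
"""Lambda target for the cdk-serverless-clamscan onResult event (added example)."""
from typing import Optional, Tuple

INFECTED = "INFECTED"


def extract_result(event: dict) -> Optional[Tuple[str, str, str]]:
    """Return (bucket, key, status) from the destination event, or None.

    A Lambda Destination delivers the scan function's return value under
    detail.responsePayload; the field names input_bucket, input_key and
    status are assumed from the construct's scan function output.
    """
    payload = (event.get("detail") or {}).get("responsePayload")
    if not isinstance(payload, dict):
        return None
    bucket, key, status = (payload.get(f) for f in ("input_bucket", "input_key", "status"))
    return (bucket, key, status) if bucket and key and status else None


def handler(event: dict, context=None, s3=None) -> dict:
    """Delete the scanned object only when its status is INFECTED."""
    result = extract_result(event)
    if result is None:
        return {"action": "ignored", "reason": "no scan result in event"}
    bucket, key, status = result
    if status != INFECTED:
        return {"action": "kept", "bucket": bucket, "key": key, "status": status}
    if s3 is None:
        import boto3  # imported lazily so the module loads without the SDK
        s3 = boto3.client("s3")
    s3.delete_object(Bucket=bucket, Key=key)
    return {"action": "deleted", "bucket": bucket, "key": key, "status": status}


class RecordingS3:
    """Stand-in for the boto3 S3 client so the example runs offline."""
    def __init__(self):
        self.deleted = []

    def delete_object(self, Bucket, Key):
        self.deleted.append((Bucket, Key))


# Constructed sample event in the shape EventBridge delivers for a Lambda
# Destination record; not captured from a real deployment.
SAMPLE_INFECTED_EVENT = {"detail": {"responsePayload": {
    "source": "serverless-clamscan", "input_bucket": "example-upload-bucket",
    "input_key": "uploads/sample.bin", "status": "INFECTED"}}}
```

The function's execution role needs s3:DeleteObject on the scanned bucket; CLEAN and N/A results are left untouched so a misrouted event cannot remove good files.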
I use a lifecycle policy on the bucket that deletes all files that are marked as infected after one day.
@felix-iw Awesome, I'd really appreciate it if you're able to share the LifeCycle XML you have?
I set up both bucket and lifecycle rule with the CDK:
Thank you so much @felix-iw :)
This can be closed? Perhaps a documentation update would be nice.
Hello!
Sorry for the silly question, but I'm not sure in CDK how I can add a rule to delete a file marked as infected? I presume this is possible?
I notice you have an infectedRule? which creates an event bridge rule? But I wasn't sure how to go about doing this.
My existing code which works now