Open pgagnidze opened 3 months ago
The `addEventNotification` method on the bucket already supports prefix and suffix filters, which can be used for S3 path and file extension filtering. This setup ensures that the Lambda function is triggered only for relevant objects. The Lambda function can then handle additional checks for object size and tags.
I like the idea. A few initial comments
- `filteredBuckets` property to maintain backwards compatibility
- `ANY` logic operator cannot be implemented if using S3 notification logic for both prefix and suffix filters
Improve the cdk-serverless-clamscan construct with a `filter` property for scanning S3 objects based on tags, file extensions, S3 paths, and object size. Additionally, introduce configurable logic for both overall filtering criteria and tag-specific filtering, allowing different filters per bucket. These filters should also be configurable when dynamically adding buckets using the `addSourceBucket` method.
Proposed `filter` Property
The `filter` property will be an object applied per bucket, with the following sections:
Configuration Example
Here’s an organized example showing the `filter` property per bucket:
Example:
Scanning Behavior
`greaterThanBytes` or `lessThanBytes`, or both, depending on their needs.
This feature maintains backward compatibility by ensuring that if no filter is specified, all objects are scanned.
Benefits
Looking forward to your feedback and thank you for considering this feature request!
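The split discussed in this thread (prefix/suffix at the S3 notification, size and tags in the Lambda) and the `ANY` caveat can be checked with a small model. This is an added example, not code from the issue or from cdk-serverless-clamscan; the `ScanFilter` shape, every field name other than `greaterThanBytes` and `lessThanBytes`, and all function names are hypothetical. It lists objects that an `ANY` filter wants scanned but that a notification rule carrying both a prefix and a suffix never delivers, which means they would go unscanned.

```typescript
// Hypothetical filter shape: the issue names the criteria, not the field layout.
type Logic = "ANY" | "ALL";
interface ScanFilter {
  logic: Logic;            // how the criteria below combine
  prefixes?: string[];     // S3 paths
  suffixes?: string[];     // file extensions
  greaterThanBytes?: number;
  lessThanBytes?: number;
  tags?: { logic: Logic; match: Record<string, string> };
}
interface S3Object { key: string; size: number; tags: Record<string, string>; }

const combine = (logic: Logic, results: boolean[]): boolean =>
  logic === "ANY" ? results.some(Boolean) : results.every(Boolean);

// Decision made inside the Lambda, where object size and tags are available.
function shouldScan(obj: S3Object, filter?: ScanFilter): boolean {
  if (!filter) return true; // no filter specified: every object is scanned
  const checks: boolean[] = [];
  if (filter.prefixes) checks.push(filter.prefixes.some((p) => obj.key.startsWith(p)));
  if (filter.suffixes) checks.push(filter.suffixes.some((s) => obj.key.endsWith(s)));
  if (filter.greaterThanBytes !== undefined) checks.push(obj.size > filter.greaterThanBytes);
  if (filter.lessThanBytes !== undefined) checks.push(obj.size < filter.lessThanBytes);
  if (filter.tags) {
    const m = filter.tags.match;
    checks.push(combine(filter.tags.logic, Object.keys(m).map((k) => obj.tags[k] === m[k])));
  }
  return checks.length === 0 || combine(filter.logic, checks);
}

// An S3 notification rule with a prefix and a suffix fires only when both match.
function s3WouldDeliver(key: string, prefix = "", suffix = ""): boolean {
  return key.startsWith(prefix) && key.endsWith(suffix);
}

// Keys the filter wants scanned that the notification rule never hands to the Lambda.
function missedByNotification(objs: S3Object[], filter: ScanFilter, prefix?: string, suffix?: string): string[] {
  return objs.filter((o) => shouldScan(o, filter) && !s3WouldDeliver(o.key, prefix, suffix)).map((o) => o.key);
}

// Constructed sample objects and filter.
const samples: S3Object[] = [
  { key: "uploads/report.pdf", size: 2048, tags: {} },
  { key: "uploads/notes.txt", size: 10, tags: {} },
  { key: "archive/old.pdf", size: 4096, tags: { scan: "true" } },
  { key: "archive/readme.md", size: 100, tags: {} },
];
const anyFilter: ScanFilter = { logic: "ANY", prefixes: ["uploads/"], suffixes: [".pdf"] };
```

With `logic: "ALL"` the same notification rule loses nothing, so pushing both prefix and suffix down to S3 is only safe for that operator.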