cdk-serverless-clamscan

2.13.47 verified Fri May 01 auth: no python

An AWS CDK construct library that provides a serverless architecture to scan objects in Amazon S3 for viruses using ClamAV. Current version 2.13.47, requires Python ~=3.9. Development is active with frequent releases (multiple per week).

pip install cdk-serverless-clamscan

Common errors

error AttributeError: module 'cdk_serverless_clamscan' has no attribute 'ClamScan' ↓

cause Installed an older version (<2.0.0) where the main class was named differently (e.g., 'ClamScanner') or the import path differs.

fix

Upgrade to latest: pip install --upgrade cdk-serverless-clamscan. In v2, the class is 'ClamScan'.

error jsii.errors.JSIIError: Expected object reference, got undefined ↓

cause Passing a dict directly to the construct instead of ClamScanProps object.

fix

Wrap the props dict in ClamScanProps(...). For example, ClamScan(self, 'Scan', props=ClamScanProps(...)).

error ValueError: The 'scan_role_arn' property is required when 'add_event_notifications' is False ↓

cause When disabling automatic event notifications, a custom role must be provided for the scanning Lambda.

fix

Either set add_event_notifications=True (default) or provide a valid IAM role ARN via scan_role_arn.

Warnings

breaking Constructor signature changed in v2.0.0: 'ClamScanProps' is now passed as 'props' keyword argument, not as positional dict. ↓

fix Use ClamScan(self, 'Id', props=ClamScanProps(...)).

breaking In v2, the 'scan_role_arn' property is no longer automatically created; you must supply a role with appropriate IAM permissions if you need custom scanning roles. ↓

fix Pass an existing role via 'scan_role_arn' in ClamScanProps.

gotcha The construct automatically attaches to S3 buckets via S3 Event Notifications. If you already have event notifications on the bucket, you must explicitly set 'add_event_notifications: False' in ClamScanProps to avoid duplication. ↓

fix Set ClamScanProps(add_event_notifications=False) and manually add the S3 notification.

gotcha The ClamAV virus definitions update pipeline requires 'definition_pipeline_schedule' - if omitted, it defaults to no schedule and definitions might become stale. ↓

fix Always specify definition_pipeline_schedule as a rate or cron expression, e.g., 'rate(1 hour)'.

Imports

ClamScan
wrong
```
from cdk.serverless.clamscan import ClamScan
```
correct
```
from cdk_serverless_clamscan import ClamScan
```
The package name uses underscores, not hyphens. Also, it's not a submodule of cdk.

ClamScanProps

wrong

from cdk_serverless_clamscan.clamscan import ClamScanProps

correct

from cdk_serverless_clamscan import ClamScanProps

ClamScanProps is exported at the top level, not a nested module.

Quickstart

Deploys the serverless ClamAV scanning infrastructure in a CDK stack.

from constructs import Construct
from aws_cdk import Stack
from cdk_serverless_clamscan import ClamScan, ClamScanProps

class ScanStack(Stack):
    def __init__(self, scope: Construct, id: str, **kwargs):
        super().__init__(scope, id, **kwargs)
        ClamScan(
            self,
            'ClamScan',
            props=ClamScanProps(
                definition_pipeline_schedule='rate(1 hour)'
            )
        )