@logemann
Last active July 6, 2021 22:59
clamAv Ecs Stack
```typescript
import {Construct, RemovalPolicy, Stack} from "@aws-cdk/core";
import * as ecs from '@aws-cdk/aws-ecs';
import {LogDriver} from '@aws-cdk/aws-ecs';
import {Peer, Port, SecurityGroup, SubnetType} from '@aws-cdk/aws-ec2';
import {ExtendedStackProps} from "../model/ExtendedStackProps";
import * as logs from "@aws-cdk/aws-logs";

/**
 * This stack contains an ECS cluster/service with ClamAV inside.
 * ExtendedStackProps is a project-local type; the only field used here is props.vpc.
 */
export class ClamAvStack extends Stack {
    constructor(scope: Construct, id: string, props: ExtendedStackProps) {
        super(scope, id, props);

        // Create an ECS cluster. The Cloud Map namespace gives the service a private
        // DNS name inside the VPC (the service registers itself as "clamav" below).
        const cluster = new ecs.Cluster(this, 'ClamAvCluster', {
            vpc: props.vpc,
            clusterName: this.stackName,
            defaultCloudMapNamespace: {
                name: "example.com",
                vpc: props.vpc
            }
        });

        // had problems when reducing the memory to less than 2 GiB
        const taskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef', {
            cpu: 512,
            memoryLimitMiB: 2048
        });

        // I hate CDK auto-created logGroupNames, so I define my own LogGroup;
        // I also hate not having retention days set to a minimum.
        const logGroup = new logs.LogGroup(this, 'ClamAvLogGroup', {
            retention: logs.RetentionDays.FIVE_DAYS,
            logGroupName: `ClamAvLogGroup`,
            removalPolicy: RemovalPolicy.DESTROY
        });

        // The container runs clamd, which listens on TCP 3310 for scan commands.
        taskDefinition.addContainer('clamAvContainer', {
            //image: ecs.ContainerImage.fromRegistry("docker.io/dinkel/clamavd"),
            image: ecs.ContainerImage.fromRegistry('docker.io/mkodockx/docker-clamav'),
            logging: LogDriver.awsLogs({
                logGroup: logGroup,
                streamPrefix: "clamAv"
            })
        }).addPortMappings({
            containerPort: 3310
        });

        // We define our security group here and allow incoming ICMP (I am old school)
        // and 3310 for clamav.
        const clamAvSecGroup = new SecurityGroup(this, 'ClamAvSecGroup', {
            vpc: props.vpc,
            securityGroupName: "clamAvSecurityGroup",
            description: 'clamAv Security Group',
            allowAllOutbound: true // Can be set to false
        });
        // Peer is 0.0.0.0/0. The task runs in private subnets with no public IP, so in
        // practice only VPC traffic reaches it; Peer.ipv4(props.vpc.vpcCidrBlock) or the
        // caller's security group would express that intent explicitly.
        clamAvSecGroup.addIngressRule(Peer.anyIpv4(), Port.tcp(3310), 'allow access to port 3310');
        clamAvSecGroup.addIngressRule(Peer.anyIpv4(), Port.icmpPing(), "Allow ICMP Ping");

        // Instantiate an Amazon ECS Service, reachable as clamav.example.com inside the VPC
        const ecsService = new ecs.FargateService(this, 'Service', {
            cluster,
            taskDefinition,
            securityGroups: [clamAvSecGroup],
            serviceName: "ClamAvService",
            cloudMapOptions: {
                name: "clamav"
            },
            vpcSubnets: {
                subnetType: SubnetType.PRIVATE,
                //availabilityZones: ["eu-central-1b"]
            }
        });
    }
}
```
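The stack above only deploys clamd; it does not show how a workload in the same VPC talks to it. The following client is an added example, not code from the gist or from the docker-clamav image. It speaks clamd's native TCP protocol on port 3310: the `zINSTREAM` command, followed by chunks each prefixed with a 4-byte big-endian length, terminated by a zero-length chunk, with a NUL-terminated reply such as `stream: OK` or `stream: <signature> FOUND`. The host name `clamav.example.com` is an assumption derived from the Cloud Map namespace and service name in the stack, and the `scanBuffer`/`encodeInstream`/`parseClamdResponse` names are mine.

```typescript
import * as net from "net";

// Assumed endpoint: Cloud Map name "clamav" in namespace "example.com", container port 3310.
const CLAMD_HOST = "clamav.example.com";
const CLAMD_PORT = 3310;

// Build the wire format of a clamd INSTREAM request:
//   "zINSTREAM\0", then (uint32 big-endian length, bytes)* , then a zero-length chunk.
// chunkSize is only a transport detail; clamd reassembles the stream before scanning.
export function encodeInstream(data: Buffer, chunkSize = 8192): Buffer {
    const parts: Buffer[] = [Buffer.from("zINSTREAM\0", "ascii")];
    for (let off = 0; off < data.length; off += chunkSize) {
        const chunk = data.subarray(off, Math.min(off + chunkSize, data.length));
        const len = Buffer.alloc(4);
        len.writeUInt32BE(chunk.length, 0);
        parts.push(len, chunk);
    }
    parts.push(Buffer.alloc(4)); // four zero bytes terminate the stream
    return Buffer.concat(parts);
}

export type ScanVerdict =
    | { status: "clean" }
    | { status: "infected"; signature: string }
    | { status: "error"; message: string };

// Parse clamd's reply. Replies to 'z'-prefixed commands are NUL-terminated.
// Anything that is neither "... OK" nor "... FOUND" (e.g. "INSTREAM size limit
// exceeded. ERROR" when StreamMaxLength is hit) is reported as an error, never as clean.
export function parseClamdResponse(raw: string): ScanVerdict {
    const line = raw.replace(/\0$/, "").trim();
    if (/ OK$/.test(line)) {
        return { status: "clean" };
    }
    const found = line.match(/^(?:[^:]*: )?(.+) FOUND$/);
    if (found) {
        return { status: "infected", signature: found[1] };
    }
    return { status: "error", message: line };
}

// Send a buffer to clamd and resolve with the verdict. clamd closes the connection
// after answering a non-session command, so the reply is complete on "close".
export function scanBuffer(
    data: Buffer,
    host: string = CLAMD_HOST,
    port: number = CLAMD_PORT,
    timeoutMs = 30_000
): Promise<ScanVerdict> {
    return new Promise((resolve, reject) => {
        const sock = net.createConnection({ host, port });
        const chunks: Buffer[] = [];
        sock.setTimeout(timeoutMs);
        sock.on("connect", () => {
            sock.write(encodeInstream(data));
        });
        sock.on("data", (c: Buffer) => {
            chunks.push(c);
        });
        sock.on("timeout", () => {
            sock.destroy();
            reject(new Error("clamd did not answer within " + timeoutMs + " ms"));
        });
        sock.on("error", reject);
        sock.on("close", () => {
            resolve(parseClamdResponse(Buffer.concat(chunks).toString("ascii")));
        });
    });
}
```

A typical caller (an upload handler or a Lambda in the same VPC whose security group is allowed on 3310) does `const verdict = await scanBuffer(fileBytes)` and rejects the upload unless `verdict.status === "clean"`; treating the `error` case as a pass would silently accept anything larger than clamd's `StreamMaxLength`.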
@louiekwan
Thanks for your posting. What is the use case here? Do you mind sharing more about what "cluster/service with ClamAv inside" means? Thanks in advance.
