- 最新
- 最多得票
- 最多評論
Hello,
From your query, I could understand that you want to auto-update Lambda layer such that the Lambda function makes use of the Latest version of ClamAV dependency.
I would like to inform that, when adding a layer to the lambda function, we need to specify which version of the layer to use. Unfortunately, we do not get $LATEST version with Lambda layer with which we can tell Lambda service to use latest version of a layer. Instead, we need to publish new version for every update of the Layer which is also mentioned in the documentation [1] below.
[1] Working with Lambda layers - https://docs.aws.amazon.com/lambda/latest/dg/chapter-layers.html#lambda-layer-versions
To quote the above article, kindly note that the Lambda Layers are versioned, and the content of each layer version is immutable. The layer owner can release a new layer version to provide updated content.
Currently, there is no way to configure a lambda function to include the updated versions of the layers automatically. This is to ensure that the function doesn't run into any issues if in case there is any inaccuracy in the updated layer version as this would break the lambda function. Considering this, it is always recommended to test the updated dependent packages of the lambda function and then update the function configuration to include the latest version of the layer.
Additionally, I found below third party link [2] which also talks about the same scenario and it mentions some possible workarounds. Kindly note that, AWS does not endorse any third party link, however, this is shared only for reference purpose.
Have you looked into downloading ClamAV definitions into a S3 bucket as per the following article.
Creates an hourly job to download the latest ClamAV definition files to the Virus Definitions S3 Bucket by utilizing an Amazon EventBridge rule and a Lambda function
相關內容
- AWS 官方已更新 2 年前
- AWS 官方已更新 3 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 3 年前
Thank you for your answer! as far as I understood this is to update the virus scan definition not the ClamAV version itself
That is correct. I’d be more concerned about auto updating the definitions than clamav it’s self because it’s the definitions that are important for detecting viruses.