API (self-hosted on AWS): Setup Guide
Are you looking for the SaaS offering?
Deploying the attachmentAV API to your AWS account is simple and takes about 15 minutes.
First, open attachmentAV Virus and Malware Scan API in the AWS Marketplace. Then, click the View purchase options button.
Next, subscribe to the product by clicking the Accept Terms button.
It takes a while until AWS processes the subscription. Continue by clicking the Continue to Configuration button.
Now, it is time to decide which fulfillment option to choose.
Dedicated public VPC (recommended): deploys a separate VPC in your AWS account. The VPC is pre-configured for attachmentAV API and isolates the workload from other workloads in the same account. This option deploys an Internet-facing API and uses firewall rules as well as an authentication token to secure the workload.
Existing VPC: allows you to deploy the attachmentAV API into an existing VPC. There are two main reasons for choosing this option: a) you want to deploy an internal API, or b) you have very specific networking requirements to fulfill security governance standards. Read the Existing VPC Network Guide to prepare your VPC configuration.
Besides the fulfillment option, choose the latest software version and the AWS region where you would like to deploy the solution.
Continue by clicking the Continue to Launch button.
Next, ensure that the action Launch CloudFormation is selected and continue by pressing the Launch button. Doing so redirects you to the AWS Management Console and opens the CloudFormation service.
We use CloudFormation to deploy our solution to your AWS account with ease. It consists of the following building blocks: VPC, Elastic Load Balancer, Auto Scaling Group, EC2 instances, IAM roles, CloudWatch alarms and dashboards, and more.
To start the creation of a CloudFormation stack, keep the defaults and click the Next button.
Now, it is time to configure the attachmentAV API for your needs. The following parameters are mandatory:
ApiKeys: API keys for authenticating client requests using Bearer Authentication. Separate API keys with a comma (e.g., key1,key2).
KeyName: Name of the EC2 key pair to log in via SSH (username: ec2-user).
ApiIngressCidrIp: Ingress rule allows HTTP(S) access from this IP address range (e.g., access from anywhere: 0.0.0.0/0, from single public IP address 91.45.138.21/32).
attachmentAV API supports two types of DNS and certificate configuration. Choose by selecting one of the following options for the DnsConfiguration parameter.
AUTO_ROUTE_53 - Automatically configure DNS and the certificate. Works for Internet-facing API endpoints only.
MANUAL - Configure DNS and the certificate manually. Works for both Internet-facing and internal API endpoints.
When selecting AUTO_ROUTE_53, the following additional parameters are required:
HostedZoneId: Route 53 public hosted zone ID.
DomainName: Domain name added to Route 53 public hosted zone and Certificate Manager public certificate.
Alternatively, if you choose MANUAL, the following additional parameters are required:
CertificateArn: ACM public certificate ARN (required if DnsConfiguration:=MANUAL).
After you have configured all the parameters, click the Next button.
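Before you click Next, you can check the parameter values offline. The following Python sketch is an added example, not part of the attachmentAV product or its CloudFormation template. The 32-character minimum key length and the rejection of whitespace around keys are assumptions made here as local policy.

```python
import ipaddress
import secrets

REQUIRED = ("ApiKeys", "KeyName", "ApiIngressCidrIp", "DnsConfiguration")
DNS_EXTRA = {
    "AUTO_ROUTE_53": ("HostedZoneId", "DomainName"),
    "MANUAL": ("CertificateArn",),
}
MIN_KEY_LEN = 32  # assumption: local policy, not a limit stated by the product


def new_api_key():
    """Random bearer token; the URL-safe alphabet never contains the ',' separator."""
    return secrets.token_urlsafe(32)


def check_parameters(params):
    """Return (errors, warnings) for a dict of stack parameter values."""
    errors, warnings = [], []
    for name in REQUIRED:
        if not params.get(name):
            errors.append(f"{name} is mandatory")
    mode = params.get("DnsConfiguration")
    if mode and mode not in DNS_EXTRA:
        errors.append(f"DnsConfiguration must be one of {sorted(DNS_EXTRA)}")
    for name in DNS_EXTRA.get(mode, ()):
        if not params.get(name):
            errors.append(f"{name} is required when DnsConfiguration is {mode}")
    keys = params["ApiKeys"].split(",") if params.get("ApiKeys") else []
    for i, key in enumerate(keys, 1):
        if not key or key != key.strip():  # assumption: spaces are a typo
            errors.append(f"API key #{i} is empty or has surrounding whitespace")
        elif len(key) < MIN_KEY_LEN:
            warnings.append(f"API key #{i} is shorter than {MIN_KEY_LEN} characters")
    cidr = params.get("ApiIngressCidrIp")
    if cidr:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                warnings.append("ApiIngressCidrIp allows access from anywhere")
        except ValueError:
            errors.append(f"ApiIngressCidrIp is not a valid CIDR block: {cidr}")
    return errors, warnings


def to_cloudformation(params):
    """Parameter list in the JSON shape the AWS CLI and SDKs accept."""
    return [{"ParameterKey": k, "ParameterValue": v} for k, v in params.items()]
```

Treat the warnings as prompts to review: short keys and an ingress range of 0.0.0.0/0 are accepted by the stack, but they leave the bearer token as the only control in front of an Internet-facing API.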
In the next step, scroll to the bottom and check the I acknowledge that AWS CloudFormation might create IAM resource box. Then, press the Next button.
Next, review the configuration of the CloudFormation stack and click the Submit button at the bottom of the page.
It will take about five minutes until the CloudFormation stack reaches the state CREATE_COMPLETE.
Lucky you, if you selected AUTO_ROUTE_53 as DnsConfiguration: you are done! The attachmentAV API is reachable under the DNS name you configured with the DomainName parameter. Continue to send requests to your attachmentAV API.
In case you selected MANUAL as DnsConfiguration, you need to find out the DNS name of the load balancer next. Select the Outputs tab of the CloudFormation stack. There you will find an output named LoadBalancerDnsName, which is attach-LoadB-cxSBVufhtM5S-39311217.eu-west-1.elb.amazonaws.com in our example. Make sure to create a CNAME record pointing to the value of LoadBalancerDnsName. The attachmentAV API is reachable under the DNS name of the CNAME you created. Continue to send requests to your attachmentAV API.