Skip to content

Guides
Reference
Initiatives
- JIRA-SYNC-GUIDE
- TP-1857-Supplier-Management
  - TP-3155-HMF-Home-Modifications-Flow
    
    design-spec
    idea
- TP-1858-Consumer-Journey
  - TP-1865-HCA-Client-HCA
    
    idea
  - TP-2315-LES-Lead-Essential
    
    idea
- TP-1859-Clinical-And-Care-Plan
  - TP-1904-ASS1-Assessment-Prescriptions
    
    ASS1-PRD
    ASS1-RACI
    PROGRESS
    Report_T5_AI_V3_Verified
    idea
  - TP-1905-RNC-Risks-Needs-Care-Plan
    
    RNC_old_con_files
    
    old_RNC -1. Idea Brief
  - TP-1908-CCU-Care-Circle-Uplift
    
    CCU_old_con_files
    
    old_CCU---1.-Idea-Brief---Care-Circle-Uplift_527138821
    old_CCU---2.-PRD---Care-Circle-Uplift_527138848
  - TP-2174-DOC-Documents
    
    DOC-PRD
    PROGRESS
    idea
  - TP-2432-Multi-Package-Support
    
    COMPLETION-REPORT
    README
    spec
    
    checklists
    
    spec-quality
  - TP-2914-ASS2-Inclusion-Integration
    
    ASS2_old_con_files
    
    old_ASS2_Idea_Brief
    old_ASS2_PRD
- TP-1869-Budgets-And-Services
  - TP-2501-BUR-Budget-Reloaded
    
    RACI
    USER-STORIES
    idea
    
    FRB-Funding-Sidebar
    
    plan
    spec
    tasks
    
    checklists
    
    spec-quality
  - TP-3300-REC-Invoice-Recode
    
    design-spec
    idea
    mockups
    plan
    spec
    tasks
- TP-2141-Work-Management
  - TP-1880-CMA-CM-Activities
    
    CMA_old_con_files
    
    old_CMA---1.-Idea---Brief_492634121
    old_CMA--2.-Plan---PRD_492470275
  - TP-2403-RAP-Roles-And-Permissions-Refactor
    
    PRD
    RACI
    idea
  - TP-XXXX-BKB-Brain-Knowledge-Base
    
    WYSIWYG-PREVIEW-EDITING
    design-spec
    idea
    initiatives-ui-plan
    plan
    spec
    tasks
    
    checklists
    
    requirements
    
    mockups
    
    summary
  - TP-XXXX-MDE-Markdown-Documentation-Editor
    
    design-spec
    plan
    spec
    tasks
    
    checklists
    
    requirements
    
    mockups
    
    auto-save-indicator
    concurrent-edit-indicator
    create-form-variations
    delete-confirmation
    editor-variations
    search-filter
    summary
Brain
- 1. OVERVIEW
- 2. Strategy
  - Product Mission
- 3. FEATURES
  - bill-processing
  - budget-wraparound
- 4. INDUSTRY
  - Aged Care
    
    services-australia-api
  - SAH
    
    support-at-home-context
- 5. OTHER
- 6. Design Land
  - Test
- Jira
  - JIRA-SYNC-GUIDE
  - README
- MEETINGS
  - BRP
    
    [BRP] 2025-05 May
    [BRP] 2025-08 August

Malware Protection for S3

Overview

GuardDuty supports malware scanning for S3 buckets with simple configurations. The service has an option to tag S3 files when threats are found, and then we can set up an S3 bucket policy to prevent access to those files using the tags.

It’s also scalable and easy to integrate with other AWS services. Event Bridge and SQS are used to communicate the events back to our application.

1. GuardDuty

GuardDuty Configuration 1

GuardDuty Configuration 2

Enable Malware Protection for the S3 bucket that you want to scan (it only scans new files, not existing files).

2. Event Bridge

This service is used to forward the GuardDuty events to SQS (there’s no native way to go directly from GuardDuty to SQS).

Event Bridge Configuration 1

Event Bridge Configuration 2

Event Bridge Configuration 3

3. SQS

SQS Configuration 1

Set up a standard queue to receive messages from Event Bridge (we don’t need FIFO queue for this use case).

SQS Configuration 2

For queue policy, set allowed sender to ARN of Event Bridge rule’s assumed role and set allowed receiver to ARN of the application’s AWS user/role.

We can also set up a dead-letter queue to handle failures.

4. S3

Update the bucket’s policy to prevent access to malware files:

S3 Bucket Policy

5. Application

Because the messages are not in format of Laravel queue job, we need to set up a command/scheduler to pull the messages from SQS and process them accordingly.

Application Code

References