feat(scan): add support for specifying the scan function timeout (#1340)

# Description * Add a property that allows specifying the scan lambda's timeout. * The corresponding documentation has also been added. * I also upgraded a couple of pre-commit hooks as they were either issuing stark warnings or were plain failing to run. Fixes #1339 # Testing * Unit test added. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
awslabs · Jan 7, 2025 · aaea17d · aaea17d
1 parent 45ed308
commit aaea17d
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 4 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,13 +8,13 @@ repos:
     hooks:
       - id: flake8
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+    rev: v5.0.0
     hooks:
       - id: check-json
       - id: trailing-whitespace
         exclude: ^API.md||.github/$
   - repo: https://github.com/pre-commit/mirrors-eslint
-    rev: v7.25.0
+    rev: v8.56.0
     hooks:
       - id: eslint
         files: \.[jt]sx?$

diff --git a/API.md b/API.md
diff --git a/src/index.ts b/src/index.ts
@@ -70,6 +70,10 @@ export interface ServerlessClamscanProps {
    * @see https://docs.aws.amazon.com/lambda/latest/operatorguide/computing-power.html
    */
   readonly scanFunctionMemorySize?: number;
+  /**
+   * Optionally set the timeout for the scan function. (Default: 15 minutes).
+   */
+  readonly scanFunctionTimeout?: Duration;
   /**
    * The Lambda Destination for files marked 'CLEAN' or 'INFECTED' based on the ClamAV Virus scan or 'N/A' for scans triggered by S3 folder creation events marked (Default: Creates and publishes to a new Event Bridge Bus if unspecified).
    */
@@ -428,7 +432,7 @@ export class ServerlessClamscan extends Construct {
       vpc: vpc,
       vpcSubnets: { subnets: vpc.isolatedSubnets },
       allowAllOutbound: false,
-      timeout: Duration.minutes(15),
+      timeout: props.scanFunctionTimeout ?? Duration.minutes(15),
       memorySize: props.scanFunctionMemorySize ?? 10240,
       reservedConcurrentExecutions: props.reservedConcurrency,
       environment: {

diff --git a/test/ServerlessClamscan.test.ts b/test/ServerlessClamscan.test.ts
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { ABSENT, anything, arrayWith, objectLike, stringLike } from '@aws-cdk/assert';
-import { Size, Stack } from 'aws-cdk-lib';
+import { Duration, Size, Stack } from 'aws-cdk-lib';
 import { PerformanceMode, ThroughputMode } from 'aws-cdk-lib/aws-efs';
 import { EventBus } from 'aws-cdk-lib/aws-events';
 import { SqsDestination, EventBridgeDestination } from 'aws-cdk-lib/aws-lambda-destinations';
@@ -959,3 +959,20 @@ test('expect EFS throughput mode to be set as configured', () => {
     ThroughputMode: 'provisioned',
   });
 });
+
+test('expect scan function timeout default to be 15 minutes', () => {
+  const stack = new Stack();
+  new ServerlessClamscan(stack, 'default', {});
+  expect(stack).toHaveResourceLike('AWS::Lambda::Function', {
+    Timeout: 900,
+  });
+});
+
+test('expect scan function timeout to be set as configured', () => {
+  const stack = new Stack();
+  new ServerlessClamscan(stack, 'default', { scanFunctionTimeout: Duration.minutes(5) });
+  expect(stack).toHaveResourceLike('AWS::Lambda::Function', {
+    Timeout: 300,
+  });
+});
+