# Amazon EBS Volumes {% embed url="" %} ## Architecture
1. The Console Service creates an EC2 instance in the EBS Volume region as a Scanning Agent 2. The Agent creates an EBS Snapshot 3. The EBS Snapshot is scanned by the Scanning Agent 4. Results are sent to CloudWatch 5. Job status and other scan details are sent to DyanamoDB 6. The Console service ingests details from CloudWatch and DyanamoDB, and when the scan is done, scanning architecture and the EBS Snapshot are torn down ## Console EBS Protection Page The EBS Protection page will show you any EBS volumes that are associated with the account that you have deployed our solution in, as well as volumes from any accounts linked to your console. Here you'll be able to create Antivirus scanning and Data Classification schedules for EBS Volumes.
## Setting up your VPC and Subnets for the regions you are protecting EBS volumes in If you do not have a VPC and subnets staged in the region your EBS Volumes exist in, you will be asked to set a VPC and subnets when activating the schedule. You can learn more about staging regions in the [Event Agent Settings](https://help.cloudstoragesec.com/configuration/agent-settings#staged-regions) page.

VPC and Subnets

## Creating an EBS volume scan or classification schedule You can create a schedule within the [Schedules page](https://help.cloudstoragesec.com/console-overview/scheduled-scans), or you can create a schedule for EBS volumes directly from the EBS Volumes page. 1. Select the EBS volume(s) you want to protect through a schedule 2. Click actions and select either `Create AV Schedule` or `Create DC Schedule` 3. You can select any additional EBS volumes and add EFS volumes or S3 buckets to the schedule through the schedule popup 4. Once you have all of the resources you want to add to a schedule selected, click on the `Create Schedule` tab 5. Name your schedule, add the scan period and make any additional changes you need 6. Click `Save` once you're done

Create your Schedule

After your schedule is created you'll want to go to the Schedules page and activate the schedule.

Activate your Schedule

Now your schedule will run per the scan period that you originally configured. If you need to add or remove volumes, or make any other configuration changes you can always edit the schedule on the `Schedules` page. ## Volume Schedule Statuses The schedule icons shown below will reflect whether a bucket is associated with a schedule and whether that schedule is active or not. * Protected by Active Schedule - ![Green clock](https://905555942-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlGcQw8I2CHyi1loKBlfi%2Fuploads%2FcWjXBZghM895Qpeu9Zr7%2Fgreen-clock.png?alt=media) * Part of an **Inactive** Schedule - ![Red clock](https://905555942-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlGcQw8I2CHyi1loKBlfi%2Fuploads%2FD1I4zDFdWHhwv79Ma0Zi%2Fyellow-clock.png?alt=media) * Not a Part of any Schedule - ![Red clock](https://905555942-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlGcQw8I2CHyi1loKBlfi%2Fuploads%2FLAvOVzethjMYhwSe7V27%2Fred-clock.png?alt=media) ## On-demand antivirus scanning and data classification

EBS On-demand Scanning

In addition to scheduled scans, you can select and perform on-demand AV and DC scanning for EBS volumes.