EFS Volumes
Last updated
Last updated
The EFS Protection page will show you any EFS volumes that are associated with the account that you have deployed our solution in, as well as volumes from any accounts linked to your console. Here you'll be able to create Antivirus scanning and Data classification schedules for EFS Volumes.
Currently you can only scan EFS volumes in the account that you deployed our solution in. If you have EFS volumes in other accounts you'll need to deploy a separate deployment in those accounts to scan those volumes.
You can choose to show or hide the EFS volumes from your linked accounts by clicking the 'Show/Hide Linked Accounts' button at the top of the page.
You can create a schedule within the Schedules page, or you can create a schedule for EFS volumes directly from the EFS Volumes page.
Select the EFS volumes you want to protect through a schedule
Click actions and select either Create AV Schedule
or Create DC Schedule
You can select any additional EFS volumes and add EBS volumes or S3 buckets to the schedule through the schedule popup
Once you have all of the resources you want to add to a schedule selected, click on the Create Schedule
tab
Name your schedule, add the scan period and make any additional changes you need
Click Save
once you're done
After your schedule is created you'll want to go to the Schedules page and activate the schedule.
When activating the schedule you will be asked to select the VPC and Subnets where the EFS Volume being scanned resides. This step is critical, as we must place an agent within the same VPC as the Volume to run a scan of the Volume. If the selected VPC for the agent differs from the EFS Volume VPC, the two VPCs must be peered for our scan to execute.
Also note that the chosen VPC and Subnets must allow outbound internet traffic, and mount targets for the EFS Volume(s) must exist in the selected subnets' availability zones.
We have a known issue that you may experience if you attempt to setup an EFS schedule for two volumes in the same region, when the volumes are in different VPCs. The scanner will only scan one of those volumes.
We will fix this in an upcoming release. Please Contact Us if you have any questions or issues related to this.
Now your schedule will run per the scan period that you originally configured. If you need to add or remove volumes, or make any other configuration changes you can always edit the schedule on the Schedules
page.
The schedule icons shown below will reflect whether a bucket is associated with a schedule and whether that schedule is active or not.
Protected by Active Schedule -
Part of an Inactive Schedule -
Not a Part of any Schedule -