Cloud Storage Security Help Docs
Release Notes
  • Introduction
  • Getting Started
    • How to Subscribe
      • Pay-As-You-Go (PAYG)
      • Bring Your Own License/GovCloud (BYOL)
      • AWS Transfer Family
    • How to Deploy
      • Steps to Deploy
      • Advanced Deployment Considerations
      • AWS Transfer Family
    • How to Configure
  • Console Overview
    • Dashboard
    • Malware Scanning
      • AWS
        • Buckets
        • Amazon EBS Volumes
        • Amazon EFS Volumes
        • Amazon FSx Volumes
        • WorkDocs Connections
      • Azure
        • Blob Containers
      • GCP
        • GCP Buckets
    • See What's Infected
      • Findings
      • Malware History
      • Results
    • Schedules
    • Monitoring
      • Error Logs
      • Bucket Settings
      • Deployment
      • Jobs
      • Notifications
      • Storage Assessment
      • Usage
    • Configuration
      • Classification Rule Sets
      • Classification Custom Rules
      • Scan Settings
      • Console Settings
      • AWS Integrations
      • Job Networking
      • API Agent Settings
      • Proactive Notifications
      • License Management
      • Event Agent Settings
    • Access Management
      • Manage Users
      • Manage Accounts
        • Linking an AWS Account
        • Linking an Azure Account
        • Linking a GCP Account
      • Manage Groups
    • Support
      • Getting Started
      • Stay Connected
      • Contact Us
      • Documentation
  • Product Updates
  • How It Works
    • Scanning Overview
      • Event Driven Scanning for New Files
      • Retro Scanning for Pre-Existing Files
      • API Driven Scanning
    • Architecture Overview
    • Deployment Details
    • Sizing Discussion
    • Integrations
      • AWS Security Hub
      • AWS CloudTrail Lake
      • AWS Transfer Family
      • Amazon GuardDuty
      • Amazon Bedrock
    • Demo Videos
    • Scanning APIs
    • SSO Integrations
      • Entra ID SSO Integration
      • Okta SSO Integration
  • Frequently Asked Questions
    • Getting Started
    • Product Functionality
    • Architecture Related
    • Supported File Types
  • Troubleshooting
    • CloudFormation Stack failures
    • Cross-Region Scanning on with private network
    • API Scanning: Could not connect to SSL/TLS (v7)
    • Password not received after deployment
    • Conflicted buckets
    • Modifying scaling info post-deployment
    • Objects show unscannable with access denied
    • Remote account objects not scanning
    • My scanning agents keep starting up and immediately shutting down
    • I cannot access the management console
    • Linked Account Out of Date
    • Rebooting the Management Console
    • Error when upgrading to the latest major version
    • I Cannot Create/Delete an API Agent
  • Release Notes
    • Latest (v8)
    • v7
    • v6 and older
  • Contact Us & Support
  • Data Processing Agreement
  • Privacy Policy
Powered by GitBook
On this page
  • Ensure you are subscribed
  • Resources created during deployment
  • Consider the region you are deploying in
  1. Getting Started

How to Deploy

Once you've subscribed to the Antivirus and/or Data Classification for Amazon S3 listing(s), the next step is to start your deployment.

PreviousAWS Transfer FamilyNextSteps to Deploy

Last updated 1 year ago

Ensure you are subscribed

Ensure you have properly subscribed to Antivirus and/or Data Classification for Amazon S3 before you attempt to deploy the CloudFormation template. If you are not properly subscribed, the deployment will fail to start. Antivirus and/or Data Classification for Amazon S3 won't run because it will fail the AWS Marketplace entitlement check.

If you'd like to run the software outside the context of the AWS Marketplace, please to discuss the possibility of a private license.

Resources created during deployment

Deploying Antivirus for Amazon S3 and/or Data Classification for Amazon S3 is accomplished by using a CloudFormation Template that will install the necessary infrastructure components as well as the required roles and permissions. This section will help you fill out and run the CloudFormation Template.

During deployment the CloudFormation Template will create the following resources:

Resource
Description

ECS Fargate Cluster with 1 Service and Task

This is used to run the Antivirus for Amazon S3 Management Console

DynamoDB; AppConfig

This is used to save data for the software

IAM Roles and Policies

These are used to run the software

Cognito UserPool

Used for user management

SNS Topic and CloudWatch Log Groups --> Streams

These are used for logging and notification purposes

Load Balancer (Optional)

Once running, the Management Console will create the following resources:

  • Services and Tasks (Scanning Agents) in the region cluster where you deployed your Management Console. This is used to run the scanning agents that process the objects.

  • 1 ECS Cluster + Services and Tasks in each additional region you scan buckets in. This is used to run the scanning agents in additional regions.

  • SNS Topic, SQS Queue, S3 Bucket events, CloudWatch Log Groups --> Streams. These are used to keep track of the object work.

Consider the region you are deploying in

Launching the deployment template from the Marketplace Listing will default you to the us-east-1 region. If you'd like to deploy in a different region, please ensure to change regions before proceeding.

Supported regions for Console deployment
  • us-east-1 (N. Virginia)

  • us-east-2 (Ohio)

  • us-west-1 (California)

  • us-west-2 (Oregon)

  • ap-south-1 (Mumbai)

  • ap-northeast-2 (Seoul)

  • ap-southeast-1 (Singapore)

  • ap-southeast-2 (Sydney)

  • ap-northeast-1 (Tokyo)

  • ca-central-1 (Canada)

  • eu-central-1 (Frankfurt)

  • eu-west-1 (Ireland)

  • eu-west-2 (London)

  • eu-west-3 (Paris)

  • eu-north-1 (Stockholm)

  • me-south-1 (Bahrain)

  • sa-east-1 (Sao Paulo)

  • GovCloud (West) AWS regions

Missing regions in this list are due to Amazon Cognito not being supported in those regions.

The scanning agent will run in any region that supports Amazon ECS Fargate.

Leverage to use your own domain or to abstract the Management Consoles public access a step further. Check out the for more information

Once you have taken the above factors into consideration you are ready to move onto the our solution.

Contact Us
Steps to Deploy
Deployment Details