How to Deploy
Once you've subscribed to Amazon S3 and/or Data Classification for Amazon S3, the next step is to start your deployment.
Ensure you have properly subscribed to Antivirus and/or Data Classification for Amazon S3 before you attempt to deploy the CloudFormation template. If you are not properly subscribed, the deployment will fail to start. Antivirus and/or Data Classification for Amazon S3 won't run because it will fail the AWS Marketplace entitlement check.
If you'd like to run the software outside the context of the AWS Marketplace, please Contact Us to discuss the possibility of a private license.
Deploying Antivirus for Amazon S3 and/or Data Classification for Amazon S3 is accomplished by using a CloudFormation Template that will install the necessary infrastructure components as well as the required roles and permissions. This section will help you fill out and run the CloudFormation Template.
During deployment the CloudFormation Template will create the following resources:
ECS Fargate Cluster with 1 Service and Task
This is used to run the Antivirus for Amazon S3 Management Console
This is used to save data for the software
IAM Roles and Policies
These are used to run the software
Used for user management
SNS Topic and CloudWatch Log Groups --> Streams
These are used for logging and notification purposes
Load Balancer (Optional)
Leverage to use your own domain or to abstract the Management Consoles public access a step further. Check out the Deployment Details for more information
Once running, the Management Console will create the following resources:
- 1-2 Services and Tasks (Scanning Agents) to existing region cluster. This is used to run the scanning agents that process the objects.
- 1 ECS Cluster and 1-2 Services and Tasks in each additional region you scan buckets. This is used to run the scanning agents in new regions.
- SNS Topic, SQS Queue, S3 Bucket events, CloudWatch Log Groups --> Streams. These are used to keep track of the object work.
Launching the deployment template from the Marketplace Listing will default you to the
us-east-1region. If you'd like to deploy in a different region, please ensure to change regions before proceeding.
- us-east-1 (N. Virginia)
- us-east-2 (Ohio)
- us-west-1 (California)
- us-west-2 (Oregon)
- ap-south-1 (Mumbai)
- ap-northeast-2 (Seoul)
- ap-southeast-1 (Singapore)
- ap-southeast-2 (Sydney)
- ap-northeast-1 (Tokyo)
- ca-central-1 (Canada)
- eu-central-1 (Frankfurt)
- eu-west-1 (Ireland)
- eu-west-2 (London)
- eu-west-3 (Paris)
- eu-north-1 (Stockholm)
- me-south-1 (Bahrain)
- sa-east-1 (Sao Paulo)
- GovCloud (West) AWS regions
Missing regions in this list are due to Amazon Cognito not being supported in those regions.
The scanning agent will run in any region that supports Amazon ECS Fargate.
Once you have taken the above factors into consideration you are ready to move onto the Steps to Deploy our solution.