How to Deploy

Once you've subscribed to the Antivirus and/or Data Classification for Amazon S3 listing(s), the next step is to start your deployment.

Ensure you are subscribed

Ensure you have properly subscribed to Antivirus and/or Data Classification for Amazon S3 before you attempt to deploy the CloudFormation template. If you are not properly subscribed, the deployment will fail to start. Antivirus and/or Data Classification for Amazon S3 won't run because it will fail the AWS Marketplace entitlement check.

If you'd like to run the software outside the context of the AWS Marketplace, please Contact Us to discuss the possibility of a private license.

Resources created during deployment

Deploying Antivirus for Amazon S3 and/or Data Classification for Amazon S3 is accomplished by using a CloudFormation Template that will install the necessary infrastructure components as well as the required roles and permissions. This section will help you fill out and run the CloudFormation Template.

During deployment the CloudFormation Template will create the following resources:

| Resource | Description |
| --- | --- |
| ECS Fargate Cluster with 1 Service and Task | This is used to run the Antivirus for Amazon S3 Management Console |
| DynamoDB; AppConfig | This is used to save data for the software |
| IAM Roles and Policies | These are used to run the software |
| Cognito UserPool | Used for user management |
| SNS Topic and CloudWatch Log Groups --> Streams | These are used for logging and notification purposes |
| Load Balancer (Optional) | Use this to serve the console from your own domain or to abstract the Management Console's public access a step further. See the Deployment Details for more information |
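
A pre-deployment check you could run against the template, added here as an example and not part of the vendor's documentation or tooling: it groups a template's resources by the rows of the table above and flags any resource type the table does not mention. The mapping from rows to CloudFormation type prefixes, the logical IDs and the sample template are assumptions constructed for illustration; the function expects the template as a parsed JSON object.

```python
# Added example: compare a template's resource types with the documented table.
# Assumption: the type prefixes per row are this example's mapping, not the vendor's.
DOCUMENTED = {
    "ECS Fargate Cluster with 1 Service and Task": ("AWS::ECS::",),
    "DynamoDB; AppConfig": ("AWS::DynamoDB::", "AWS::AppConfig::"),
    "IAM Roles and Policies": ("AWS::IAM::",),
    "Cognito UserPool": ("AWS::Cognito::",),
    "SNS Topic and CloudWatch Log Groups": ("AWS::SNS::", "AWS::Logs::"),
    "Load Balancer (Optional)": ("AWS::ElasticLoadBalancingV2::",),
}
OPTIONAL = {"Load Balancer (Optional)"}

# Constructed sample (logical IDs are hypothetical); not the vendor's template.
SAMPLE_TEMPLATE = {"Resources": {
    "ConsoleCluster": {"Type": "AWS::ECS::Cluster"},
    "ConsoleService": {"Type": "AWS::ECS::Service"},
    "ConsoleTask": {"Type": "AWS::ECS::TaskDefinition"},
    "ConfigTable": {"Type": "AWS::DynamoDB::Table"},
    "ConsoleRole": {"Type": "AWS::IAM::Role"},
    "UserPool": {"Type": "AWS::Cognito::UserPool"},
    "AlertsTopic": {"Type": "AWS::SNS::Topic"},
    "ConsoleLogs": {"Type": "AWS::Logs::LogGroup"},
    "ConsoleSecurityGroup": {"Type": "AWS::EC2::SecurityGroup"},
}}


def review_template(template):
    """Group resources by documented row; report undocumented types and missing rows."""
    matched = {row: [] for row in DOCUMENTED}
    undocumented = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        rtype = resource.get("Type", "")
        row = next((r for r, p in DOCUMENTED.items() if rtype.startswith(p)), None)
        if row is None:
            undocumented.append((logical_id, rtype))  # review before deploying
        else:
            matched[row].append(logical_id)
    missing = [r for r, ids in matched.items() if not ids and r not in OPTIONAL]
    return {"matched": matched, "undocumented": undocumented, "missing": missing}


if __name__ == "__main__":
    report = review_template(SAMPLE_TEMPLATE)
    for logical_id, rtype in report["undocumented"]:
        print(f"not in documented table: {logical_id} ({rtype})")
    for row in report["missing"]:
        print(f"documented but absent: {row}")
```

An entry under `undocumented` is not necessarily a problem; it is a resource to read and understand before granting the stack permission to create it.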

Once running, the Management Console will create the following resources:

  • Services and Tasks (Scanning Agents) in the cluster for the region where you deployed your Management Console. These are used to run the scanning agents that process the objects.

  • 1 ECS Cluster + Services and Tasks in each additional region you scan buckets in. This is used to run the scanning agents in additional regions.

  • SNS Topic, SQS Queue, S3 Bucket events, CloudWatch Log Groups --> Streams. These are used to keep track of the object work.

Consider the region you are deploying in

Launching the deployment template from the Marketplace Listing will default you to the us-east-1 region. If you'd like to deploy in a different region, make sure you change regions before proceeding.

Supported regions for Console deployment

  • us-east-1 (N. Virginia)

  • us-east-2 (Ohio)

  • us-west-1 (California)

  • us-west-2 (Oregon)

  • ap-south-1 (Mumbai)

  • ap-northeast-2 (Seoul)

  • ap-southeast-1 (Singapore)

  • ap-southeast-2 (Sydney)

  • ap-northeast-1 (Tokyo)

  • ca-central-1 (Canada)

  • eu-central-1 (Frankfurt)

  • eu-west-1 (Ireland)

  • eu-west-2 (London)

  • eu-west-3 (Paris)

  • eu-north-1 (Stockholm)

  • me-south-1 (Bahrain)

  • sa-east-1 (Sao Paulo)

  • GovCloud (West) AWS regions

Missing regions in this list are due to Amazon Cognito not being supported in those regions.

The scanning agent will run in any region that supports Amazon ECS Fargate.

Once you have taken the above factors into consideration, you are ready to move on to the Steps to Deploy our solution.
