# How to Deploy

## Ensure you are subscribed

Ensure you have properly subscribed to Antivirus and/or Data Classification for Amazon S3 before you attempt to deploy the CloudFormation template. If you are not properly subscribed, the deployment will fail to start. Antivirus and/or Data Classification for Amazon S3 won't run because it will fail the AWS Marketplace entitlement check.

If you'd like to run the software outside the context of the AWS Marketplace, please [Contact Us](https://help.cloudstoragesec.com/contact-us) to discuss the possibility of a private license.

## Resources created during deployment

Deploying **Antivirus for Amazon S3** and/or **Data Classification for Amazon S3** is accomplished by using a CloudFormation Template that will install the necessary infrastructure components as well as the required roles and permissions. This section will help you fill out and run the CloudFormation Template.

During deployment the CloudFormation Template will create the following resources:

| Resource                                        | Description                                                                                                                                                                                                                    |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| ECS Fargate Cluster with 1 Service and Task     | This is used to run the Antivirus for Amazon S3 Management Console                                                                                                                                                             |
| DynamoDB; AppConfig                             | This is used to save data for the software                                                                                                                                                                                     |
| IAM Roles and Policies                          | These are used to run the software                                                                                                                                                                                             |
| Cognito UserPool                                | Used for user management                                                                                                                                                                                                       |
| SNS Topic and CloudWatch Log Groups --> Streams | These are used for logging and notification purposes                                                                                                                                                                           |
| Load Balancer (**Optional**)                    | Leverage to use your own domain or to abstract the Management Consoles public access a step further. Check out the [Deployment Details](https://help.cloudstoragesec.com/how-it-works/deployment-details) for more information |

Once running, the Management Console will create the following resources:

* Services and Tasks (Scanning Agents) in the region cluster where you deployed your Management Console. This is used to run the scanning agents that process the objects.
* 1 ECS Cluster + Services and Tasks in each additional region you scan buckets in. This is used to run the scanning agents in additional regions.
* SNS Topic, SQS Queue, S3 Bucket events, CloudWatch Log Groups --> Streams. These are used to keep track of the object work.

## Consider the region you are deploying in

Launching the deployment template from the Marketplace Listing will default you to the `us-east-1` region. If you'd like to deploy in a different region, please ensure to change regions before proceeding.

<details>

<summary>Supported regions for Console deployment</summary>

* us-east-1 (N. Virginia)
* us-east-2 (Ohio)
* us-west-1 (California)
* us-west-2 (Oregon)
* ap-south-1 (Mumbai)
* ap-northeast-2 (Seoul)
* ap-southeast-1 (Singapore)
* ap-southeast-2 (Sydney)
* ap-northeast-1 (Tokyo)
* ca-central-1 (Canada)
* eu-central-1 (Frankfurt)
* eu-west-1 (Ireland)
* eu-west-2 (London)
* eu-west-3 (Paris)
* eu-north-1 (Stockholm)
* me-south-1 (Bahrain)
* sa-east-1 (Sao Paulo)
* GovCloud (West) AWS regions

**Missing regions in this list are due to Amazon Cognito not being supported in those regions.**

</details>

{% hint style="info" %}
The scanning agent will run in any region that supports Amazon ECS Fargate.
{% endhint %}

Once you have taken the above factors into consideration you are ready to move onto the [Steps to Deploy](https://help.cloudstoragesec.com/getting-started/how-to-deploy/steps-to-deploy) our solution.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.cloudstoragesec.com/getting-started/how-to-deploy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.