Steps to Deploy
If you're planning to deploy both AV and DC at the same, then subscribe to both products and deploy AV first. When you enter the AV management console you can navigate to Configuration->License Management, where you will see an option to activate DC.
You must provide values for the following fields in the CloudFormation template:
- 1.Virtual Private Cloud (VPC) ID
- 2.Subnet A ID
- 3.Subnet B ID
- 4.Console Security Group CIDR Block
- 5.Email
You can leave all the default settings in the rest of the fields.
Antivirus for Amazon S3
Data Classification for Amazon S3
Quick Create Stack Configuration
Quick Create Stack Configuration
- You must select a
VPCfrom the drop down list for the Management Console to run in. - You must select a
Subnet A IDfrom the drop down list contained in the selected VPC.
The subnets you choose for
A and B must either be able to offer a public IP or be on a network you can access. Without that, the console will run, but not be reachable. This could simply be a public subnet reachable through an Internet Gateway. Or it could be a private subnet that is an extension of your corporate network you access either from your corporate network or through a VPN connection. Or these subnets maybe private subnets fronted by a public Load Balancer. Learn more about this option in the Advanced Deployment Considerations.- You must select a different
Subnet B IDfrom the drop down list contained in the selected VPC.
If you select the same subnet, stack creation will fail. If you happen to pick the same value for each field, you will get a message as follows, please correct this before moving on.
Ensure both subnets you select belong to the VPC you have selected. It is a best practice to select subnets in different Availability Zones.
- You must select a
Console Security Group CIDR Block. Specify your network access or set to "0.0.0.0/0" to access the Antivirus for Amazon S3 Management Console from anywhere.
0.0.0.0/0 is wide open to the world. The application is still protected by SSL, a username and a password, but you may still choose to control this access. This could be your corporate network range or the /32 IP address your specific system is currently assigned. Google "what's my ip" and the first thing returned is what your current IP address is.
Note: If your IP address changes, you may have to manually change the AWS Security Group value to represent the new IP
- You must set a valid Email address.
If you do not properly set the above 5 items, the stack creation will fail or you will be unable to access your deployment. If you run into any trouble whatsoever, please Contact Us.
The 5 fields discussed above are the minimum fields that have to be set to get the product successfully deployed. For many deployments, the default settings will work well. With that said, the other options in the CloudFormation Template could be beneficial for you to configure and therefore could warrant your attention.
To view details for configuring additional settings within your CloudFormation Template you can review our Advanced Deployment Considerations section. Feel free to SKIP this section if you just want to start with the defaults. However, please consider two exceptions:
- 1.By default, the stack will deploy without the use of a Load Balancer. There are times when this will not work for your use case. Two such scenarios are: you want to use your own DNS and SSL certificate or you want to deploy in a private subnet behind a NAT. These are both great reasons to leverage a load balancer.If you would like to include a load balancer at the time of deployment you can do so in your CloudFormation Template. You can also add a load balancer to an existing deployment without one. And you can remove the load balancer after the fact as well. Simply run a Stack Update and add or remove the load balancer. This must be done manually through the CloudFormation Console.
- 2.Resources can only be renamed to match your particular naming scheme at the time of deployment. Changing these values later will result in errors. The default values are fine to leave but if you feel the need to rename values such as your quarantine bucket you should do so now before you've deployed.
You can learn more about both of the above considerations by reviewing our Advanced Deployment Considerations section.
Check
I acknowledge that AWS CloudFormation might create IAM resources with custom names. under Capabilities. Click Create Stack at the bottom of the screen.The stack you just created will have a status of
CREATE_IN_PROGRESS. Wait for this to change to CREATE_COMPLETE.Antivirus for Amazon S3
Data Classification for Amazon S3
Create In Progress
Create In Progress
When finished the status will show
CREATE_COMPLETE:Antivirus for Amazon S3
Data Classification for Amazon S3
Create Complete
Create Complete
Antivirus for Amazon S3
Data Classification for Amazon S3
Outputs
Outputs
Once the stack creation completes, click the
Output tab. The top row in the table will have the URL for your Management Console. It will be in the format of https://<accountID-appID>.cloudstoragesecapp.com.You will also receive an email to the address you entered while configuring your CloudFormation Template details.
It may take a few minutes for DNS to propagate the URL of your management console. If you are unable to load the URL provided in the email/CloudFormation Outputs then wait a few minutes. If it continues to be an issue, check the console access troubleshooting to see if it is another issue or Contact Us.
If you chose to use a load balancer, the first field will be called
LBWebAddress instead of ConsoleWebAddress
You have completed creating the stack for Antivirus and/or Data Classification for Amazon S3. Next, go to the How to Configure section to start setting up the anti-malware detection.
Last modified 3mo ago