Create the Scan
Objective: Create an On-Demand DLP Scan
At this point, you’ve created three data classifications (based on regular expressions) and some simple policies that use them. Now it’s time to apply all of your policies to the S3 buckets in your AWS account using an On-Demand Scan.
Tasks
Create a Scan
- From the main menu bar, select Policy then On-Demand Scan.
- Using the Actions drop-down menu, select Create a Scan.
- From the General Info screen, select the DLP & Malware scan type.
- Provide a name for the scan, such as “RegEx DLP Scan”.
- From the Service Instance drop-down menu, select the AWS account you configured earlier.
- For Service Type, select Storage (S3).
- For Hosted, select Cloud (via API).
- Click Next.
Add All of Your RegEx Policies to the Scan
- From the Select Policies page, select all three DLP policies you created earlier (which implement your RegEx classifications).
- Click Next.
Configure the Scan
- From the Data Scope section, select the Full option and All dates.
- In the Buckets section, select the Exclude CloudTrail Buckets option (if available) and set Buckets to Scan to All Buckets.
- In the Accounts section, set Accounts to Scan to All Accounts.
- Click Next.
(Don’t) Schedule the Scan
- Since we are in a lab environment and want to run this scan manually, set the Frequency to None (On-Demand Only).
- Click Next.
Review Your Scan Settings
Ensure that your scan settings are similar to those below and click Save.