Follow these steps to configure an Elastio policy for EC2 protection.
Contents
- Access the Policies Menu
- Define Policy Details
- Select Protection Options
- Choose Cloud Connectors
- Select Assets to Protect
- Assign Vaults
Access the Policies Menu
- Navigate to the Policies section in the Elastio console.
- Click on the + New Policy button to create a new policy.
Define Policy Details
- Policy Name: Enter a name for the policy.
- Frequency: Choose the frequency for the policy execution.
- Protection Window Start Time: Specify the start time.
- Time Zone: Select the applicable time zone.
-
Activation: Decide whether to:
- Execute the policy immediately by selecting Activate now.
- Pause the policy until a specified time.
Click Next to proceed.
First Run Timing:
- The first scan operates based on Coordinated Universal Time (UTC).
- If Activate now is selected, the first scan starts at the next 15-minute UTC interval.
- For example, if you create a policy at 10:25 UTC, the first job will begin at 10:30 UTC.
- Subsequent scans will follow the schedule you define.
Select Protection Options
- Protection Mode: Choose Live Scan.
- Optional Settings:
- Always Keep the Last Clean Copy of the Data: Retains a snapshot of the most recent clean state.
-
Always Keep the Latest Infected Copy of the Data: Retains a snapshot of the latest infected state.
- These options are available for EC2 and EBS volumes, where Elastio retains individual snapshots for selected volumes.
- These options are available for EC2 and EBS volumes, where Elastio retains individual snapshots for selected volumes.
Protection Types:
Select one or more protection types:
- Ransomware Detection
- Malware Scan
- Recoverability Check
- Non-Ransomware Entropy Scanning
Refer to the Elastio Scans documentation for detailed descriptions of each protection type.
Choose Cloud Connectors
- Select the Cloud Connectors that define the policy's operational scope.
- This ensures the policy is confined to specific AWS Accounts or Regions, avoiding unintended impacts.
- This ensures the policy is confined to specific AWS Accounts or Regions, avoiding unintended impacts.
Select Assets to Protect
- Choose from the following options for EC2 assets:
- All EC2 Instances: Protects all EC2 instances, excluding unattached EBS volumes. Snapshots of all attached volumes are taken simultaneously for a consistent state.
- All EC2 and EBS: Protects all EC2 instances and unattached EBS volumes.
-
Specific Assets: Select specific EC2 instances or EBS volumes by:
- Asset Name
- Asset ID
- Tags
- AWS Accounts
- AWS Regions
Additional Options
- Choose whether to:
- Skip or scan the latest/all pre-existing EBS snapshots.
- Enable immediate scanning of new assets.
- Elastio will automatically scan newly created instances 5 minutes after creation to ensure safety.
- Elastio will automatically scan newly created instances 5 minutes after creation to ensure safety.
- Optionally, filter assets by tags and click Next.
-
Note: The policy dynamically identifies tagged assets during execution, so assets and tags do not need to exist at the time of policy creation.
-
Note: The policy dynamically identifies tagged assets during execution, so assets and tags do not need to exist at the time of policy creation.
6. Assign Vaults
- In the final step, select the vaults associated with the Cloud Connectors chosen in Step 4. The vault is used to store metadata.
- If no specific separation of scan jobs is required, use the default settings.
Save Options:
- Save & Run: Immediately initiates the first scan. Subsequent scans follow the schedule.
-
Save: The first scan is scheduled based on the policy's configuration.
Click Save or Save & Run to complete the policy setup.
By following these steps, your Elastio policy will efficiently protect your EC2 instances and associated EBS volumes according to your defined parameters.