AWS Marketplace Quick Start

If you are experiencing issues with the CloudFormation template during Quick Start deployment, you can check the stack events of the template to help you diagnose them. If your issue isn't covered here, you can also Gather stack information and contact Trend Micro support.

Check CloudFormation template stack events

The CloudFormation template uses multiple stacks to deploy Deep Security. You can check the event history of each stack for status messages that may help you diagnose issues.

It may take 50 or more minutes for all stacks in the template to finish.

Issues often occur because:

To check the event history of each stack and see if these or other issues have occurred:

  1. In the AWS console, go to the CloudFormation page.
    The CloudFormation template page will appear with the Quick Start deployment CloudFormation template stacks displayed.
  2. Select a stack from the list.
    By default the template page only shows active stacks. If there has been an issue in a stack, it may no longer be active. To see event logs for stacks in other states, click on the Filter dropdown list and select each of the filter options.
  3. Check the event log of the stack for messages caused by the frequently occurring issues described below or for any other unusual status messages.
  4. Repeat the above for each stack in the template.

For more general troubleshooting information on CloudFormation templates see the AWS troubleshooting guide on CloudFormation. You can also learn more about stack information and status from the AWS guide on Viewing Stack Information.

AWS Marketplace terms were not accepted

If you don't accept the terms in the AWS Marketplace page before subscribing, you will see the following error for one of the stacks:

Status Status Description
CREATE_FAILED In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit <link to Deep Security marketplace product page>

The error message will include a link to the product page. Go to the product page, select Continue and agree to the licensing terms, and then run the CloudFormation template again.

If you are using single sign on (SSO) and have a parent account, that account may also need to accept the subscription.

A stack could not create the IAM role

If you don't acknowledge that CloudFormation may create IAM resources during stack creation, you will see the following error for one of the stacks:

Status Status Description
CREATE_FAILED Requires capabilities : [CAPABILITY_IAM]

If this happens, you will need to run the CloudFormation template again. During stack creation, on the bottom of the confirmation page, make sure that you've selected I acknowledge that AWS CloudFormation might create IAM resources with custom names before continuing.

A stack could not create the Deep Security Manager database

You may see the following error for one of the stacks:

Status Status Description
CREATE_FAILED The following resource(s) failed to create: [DSDatabaseAbstract]

This error will occur if the private subnets for the database in your Multi-AZ deployment are in the same availability zone. For the CloudFormation template to run correctly, each private subnet must be in a different availability zone.

Gather stack information and contact Trend Micro support

If you are still unable to diagnose your issue you can open a ticket with Trend Micro support. Before you do so build the stack with the 'Rollback on failure' setting disabled. This will help support better diagnose your issue. To do so:

  1. On the Option page, open the Advanced section and select No for Rollback on Failure.
  2. Record your AWS region and the URL of your Quick Start template.
  3. Open a support ticket with Trend Micro, and provide them with the AWS region and the Quick Start template URL you recorded. If this is your first time contacting support, you can provide the same to Trend Micro Support at aws@trendmicro.com.