Error: AWS Marketplace billing usage data has not been successfully submitted in over 48 hours

If you are subscribed to Deep Security for AWS Marketplace with AWS Marketplace billing you might experience the following error:

"Unable to activate the Agent because AWS Marketplace billing usage data has not been submitted in 48 hours. Ensure your Deep Security Manager instance is assigned an IAM role with permission 'aws-marketplace:MeterUsage' and can reach the AWS Marketplace Billing end point."

Several causes can produce this error:

Cause Description
The IAM role for the Deep Security Manager is configured incorrectly. See Configure the IAM role for the Deep Security AMI from AWS Marketplace
The Deep Security Manager cannot reach the AWS billing service.

The Deep Security Manager communicates with the AWS billing service over port 443 at a URL corresponding with the AWS region that your Deep Security Manager runs in (for example: https://metering.marketplace.us-east-1.amazonaws.com).

To test if connectivity with the AWS billing service is the cause of the error, check if

  • Communications over port 443 or to the AWS billing service URL are restricted by either Deep Security or a third-party firewall.
  • The server on which the Deep Security Manager is running connects directly to the Internet. The Deep Security Manager cannot connect to the AWS billing service through a proxy or VPN.
The Deep Security Manager cannot reach the AWS metadata server.

To test if connectivity with the AWS metadata server is causing the error, log in to the Deep Security Manager over SSH and run the following curl command:

curl http://169.254.169.254/latest/meta-data/