Add an AWS account using a cross-account role

Follow the instructions below to add an AWS account using a cross-account role. Use a cross-account role if you want to add multiple AWS accounts.

The instructions below assume you want to add AWS accounts with these names:

  • AWS Primary Account
  • AWS Account A

You can also add a cross-account role through the Deep Security API. See Add the account through the API for details.

After completing the above tasks, proceed to Install the agent on your Amazon EC2 and WorkSpace instances if you have not done so already.

Add the account through the API

  1. If you don’t yet have the external ID, call the Deep Security /api/awsconnectorsettings endpoint to retrieve it (the ExternalId parameter). For more on this ID, see What is the external ID?
  2. In AWS, specify the external ID in your cross-account role's IAM trust policy.
  3. Use the /api/awsconnectors API endpoint to add AWS accounts to Deep Security. (Do not use the /rest/cloudaccounts/aws API because it has been deprecated.) See for details on how long the /rest/cloudaccounts/aws API will continue to be supported and tips on how to move to the new endpoint.