AWS GovCloud (US) support
There are two ways that Deep Security provides AWS GovCloud (US) support:
- You can use the Trend Micro Deep Security AMI (BYOL license type) that is available from the AWS GovCloud Marketplace. The deployment instructions for the AWS GovCloud (US) region are the same as any other region. See Getting started with Deep Security AMI from AWS Marketplace.
- You can install the enterprise version of the Deep Security software on an AWS instance running in the AWS GovCloud (US) region.
Deep Security as a Service does not support GovCloud. Computers on the AWS GovCloud must comply with user and data transmission restrictions as specified by United States of America International Traffic in Arms Regulations (ITAR). Because the Deep Security as a Service operating model requires the transmission of data outside of the AWS GovCloud, using it to manage computers in the GovCloud would break this compliance.
Protecting GovCloud instances using a manager in a commercial AWS instance
Be aware that if your Deep Security Manager is outside of the AWS GovCloud, using it to manage computers in the GovCloud would break ITAR compliance.
If your Deep Security Manager is in a commercial AWS instance and you want to use it to protect GovCloud instances, you cannot use the cloud connector provided in the Deep Security Manager console to add the instances. If Deep Security Manager is running in a special region (like GovCloud), it can connect to that region and also connect to instances in commercial AWS regions. But if Deep Security Manager is in a commercial region, it can connect to all commercial AWS regions but not special regions like GovCloud.
If you want to add a special region connector (like GovCloud) into a Deep Security Manager running in commercial AWS, you will need to use the Deep Security API to do so and supply the seedRegion argument to tell the Deep Security Manager that it's connecting outside of commercial AWS. For information on using the API, see How to use the Deep Security REST API.