AWS Marketplace CloudFormation Template

If you are experiencing issues with the CloudFormation template during stack deployment, you can check the stack events of the template to help you diagnose them. If your issue is not described, you can also Gather stack information and contact Trend Micro support.

Check CloudFormation template stack events

The CloudFormation template uses multiple stacks to deploy Deep Security. You can check the event history of each stack for status messages that may help you diagnose issues.

It may take more than 50 minutes for all stacks in the template to finish.

Issues often occur because of the following:

You can check the event history of each stack and see if these or other issues have occurred, as follows:

  1. In the AWS console, go to the CloudFormation page to see the CloudFormation template page with the Deep Security Manager CloudFormation stacks displayed.
  2. Select a stack from the list. By default the template page only shows active stacks. If there has been an issue in a stack, it may no longer be active. To see event logs for stacks in other states, click the Filter list and select each of the filter options.
  3. Check the event log of the stack for messages caused by the frequently occurring issues or for any other unusual status messages.
  4. Repeat the preceding steps for each stack in the template.

For more general troubleshooting information on CloudFormation templates, see the AWS troubleshooting guide on CloudFormation. You can also learn more about stack information and status from the AWS guide on Viewing Stack Information.

AWS Marketplace terms were not accepted

If you do not accept the terms in the AWS Marketplace page before subscribing, expect to see the following error for one of the stacks:

Status Status Description
CREATE_FAILED In order to use this AWS Marketplace product, you need to accept terms and subscribe. For instructions on how to do this, see <link to Deep Security marketplace product page>

The error message includes a link to the product page. Go to the product page, select Continue, agree to the licensing terms, and then run the CloudFormation template again.

If you are using single sign on (SSO) and have a parent account, that account may also need to accept the subscription.

A stack could not create the IAM role

If you do not acknowledge that CloudFormation may create IAM resources during stack creation, expect to see the following error for one of the stacks:

Status Status Description
CREATE_FAILED Requires capabilities : [CAPABILITY_IAM]

If this happens, run the CloudFormation template again. During stack creation, at the bottom of the confirmation page, make sure that you have selected I acknowledge that AWS CloudFormation might create IAM resources with custom names before continuing.

A stack could not create the Deep Security Manager database

You may see the following error for one of the stacks:

Status Status Description
CREATE_FAILED The following resource(s) failed to create: [DSDatabaseAbstract]

This error occurs if the private subnets for the database in your Multi-AZ deployment are in the same availability zone. For the CloudFormation template to run correctly, each private subnet must be in a different availability zone.

Gather stack information and contact Trend Micro support

If you are still unable to diagnose your issue, you can open a ticket with Trend Micro support. Before you do this, build the stack with the Rollback on Failure setting disabled. This can help Trend Micro support to diagnose your issue.

  1. On the Option page, open the Advanced section and select No for Rollback on Failure.
  2. Record your AWS region and the URL of your CloudFormation template and the version of Deep Security Manager version you want to deploy in AWS.
  3. Open a support ticket with Trend Micro and provide them with the AWS region, the CloudFormation template URL, the Deep Security Manager version, and the CloudFormation stack failed event message from the AWS console. If this is your first time contacting support, you can provide the same to Trend Micro Support at aws@trendmicro.com.