Integrate with AWS Systems Manager Distributor

AWS Systems Manager Distributor is a feature integrated with AWS Systems Manager that you can use to securely store and distribute software packages in your accounts. By integrating with AWS Systems Manager Distributor, you can distribute Deep Security Agents across multiple platforms, control access to managed instances, and automate your deployments.

Create an IAM policy

Follow the instructions in Importing existing managed policies.

In the Import managed policies window, add the "AmazonSSMManagedInstanceCore" policy.

Create a role and assign the policy

Follow the instructions in Creating a role for an AWS service.

In the Attach permissions policies window, add the "AmazonSSMManagedInstanceCore" policy.

Create parameters

  1. In your AWS console, navigate to AWS Systems Manager > Application Management > Parameter Store.
  2. Four parameters need to be created. Click Create parameter and enter the Name and Value listed in the table below. Leave the other fields at their default values.

| Name | Value |
| --- | --- |
| dsActivationUrl | dsm://dsm.company.com:4120/ |
| dsManagerUrl | https://dsm.company.com:443 |
| dsTenantId | For single tenant environments, this parameter is not required. For multi-tenants, on the Deep Security Manager, go to Support > Deployment Scripts. Scroll to the bottom of the generated script and copy the tenantID. |
| dsToken | For single tenant environments, this parameter is not required. For multi-tenants, on the Deep Security Manager, go to Support > Deployment Scripts. Scroll to the bottom of the generated script and copy the token. |

Make sure the values for dsActivationUrl and dsManagerUrl are entered exactly as they appear, taking care to include the trailing slash where applicable.
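
The same parameters can be created from the AWS CLI. The script below is an added example, not part of the original instructions or of the vendor's tooling: it checks the values before calling aws ssm put-parameter. The function names are hypothetical, and the expected URL shapes (dsm://host:port/ with a trailing slash, https://host:port without one) and the rule that dsTenantId and dsToken are set together are assumptions inferred from the table above.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the Parameter Store values, then creation.
# Assumption: required shapes are inferred from the sample values in the table.

# Succeeds if the activation URL looks like dsm://host:port/ (trailing slash).
valid_activation_url() {
  printf '%s\n' "$1" | grep -Eq '^dsm://[A-Za-z0-9.-]+:[0-9]+/$'
}

# Succeeds if the manager URL looks like https://host:port (no trailing slash).
valid_manager_url() {
  printf '%s\n' "$1" | grep -Eq '^https://[A-Za-z0-9.-]+:[0-9]+$'
}

# Succeeds if tenant ID and token are both empty (single tenant)
# or both set (multi-tenant).
valid_tenant_pair() {
  { [ -z "$1" ] && [ -z "$2" ]; } || { [ -n "$1" ] && [ -n "$2" ]; }
}

# Args: activation URL, manager URL, tenant ID, token.
# Prints one line per problem and returns the number of problems found.
check_ds_parameters() {
  ds_errors=0
  valid_activation_url "$1" || { echo "dsActivationUrl: expected dsm://host:port/"; ds_errors=$((ds_errors + 1)); }
  valid_manager_url "$2" || { echo "dsManagerUrl: expected https://host:port"; ds_errors=$((ds_errors + 1)); }
  valid_tenant_pair "$3" "$4" || { echo "dsTenantId and dsToken must be set together"; ds_errors=$((ds_errors + 1)); }
  return "$ds_errors"
}

# Creates the parameters as type String, the type the console uses by default.
# AWS CLI v1 fetches http(s):// argument values unless cli_follow_urlparam is
# set to false; AWS CLI v2 passes them through unchanged.
create_ds_parameters() {
  check_ds_parameters "$@" || return 1
  aws ssm put-parameter --name dsActivationUrl --type String --value "$1" || return 1
  aws ssm put-parameter --name dsManagerUrl --type String --value "$2" || return 1
  [ -z "$3" ] && return 0   # single tenant: the remaining two are not required
  aws ssm put-parameter --name dsTenantId --type String --value "$3" || return 1
  aws ssm put-parameter --name dsToken --type String --value "$4"
}

# Usage (sample values from the table; tenant ID and token omitted):
#   create_ds_parameters "dsm://dsm.company.com:4120/" "https://dsm.company.com:443"
```
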

Integrate with AWS Systems Manager Distributor

  1. In the AWS console, go to AWS Systems Manager > Node Management > Distributor.
  2. Select the TrendMicro-CloudOne-WorkloadSecurity package, then Install on a Schedule.
  3. The Create Association page opens. Fill in the required fields. For Installation Type, we recommend you use the In-place update option.
  4. Create a schedule. A scheduled State Manager Association ensures agents are always installed and up to date.

Protect your computers

We recommend configuring a cloud connector for each AWS account that will contain managed agents. It might also be necessary to create a policy specific to the systems that will be managed by Distributor.