How do I configure the IAM role for an instance running Deep Security from AWS Marketplace?

You will not be able to launch Deep Security AMI from AWS Marketplace until you have configured the AWS Identity and Access Management (IAM) settings for the instance. The Deep Security Manager instance needs an IAM role with appropriate permissions and trust relationships associated with it to be able to authenticate to the AWS Marketplace Metering Service and record software usage. This means that your instance has to have an

  • Internet connection to AWS services
  • IAM role with appropriate permissions and trust relationships associated with it at the time of launch

IAM role requirements

Required IAM permission The IAM role you associate with the instance has to have the following IAM permission: aws-marketplace:MeterUsage The recommended method for giving the IAM role this permission is to attach the AWS managed policy AWSMarketplaceMeteringFullAccess to the role.
Required trust relationship The IAM role has to have a trust relationship with the ec2.amazonaws.com service. For information on how to change which trusted principles can access an IAM role, see Modifying a Role (AWS Management Console).

After you have created the IAM role and attached the AWSMarketplaceMeteringFullAccess policy to it and added ec2.amazonaws.com as a trusted service, make sure you select that role from the IAM role list on the Configure Instance Details page before you launch the instance.

For more information on IAM roles, see the AWS article IAM Roles for Amazon EC2.