There are two ways that Deep Security provides AWS GovCloud (US) support:
  • You can use the Trend Micro Deep Security AMI (Per Protected Instance Hour or BYOL license type) that is available from the AWS Marketplace for AWS GovCloud (US). The deployment instructions for the AWS GovCloud (US) region are the same as for any other region. See Getting started with Deep Security AMI from AWS Marketplace.
  • You can install the enterprise version of the Deep Security software on an AWS instance running in the AWS GovCloud (US) region.

Protecting AWS GovCloud (US) instances using a manager in a commercial AWS instance

WARNING
If your Deep Security Manager is outside of AWS GovCloud (US), using it to manage computers in AWS GovCloud (US) would break ITAR compliance.
If your Deep Security Manager is in a commercial AWS instance and you want to use it to protect AWS GovCloud instances, you cannot use the cloud connector provided in the Deep Security Manager console to add the instances. If Deep Security Manager is running in a special region (like AWS GovCloud), it can connect to that region and also connect to instances in commercial AWS regions. But if Deep Security Manager is in a commercial region, it can connect to all commercial AWS regions but not special regions like AWS GovCloud.
If you want to add a special region connector (like AWS GovCloud) into a Deep Security Manager running in commercial AWS, you will need to use the Deep Security legacy REST API to do so and supply the seedRegion argument to tell the Deep Security Manager that it's connecting outside of commercial AWS. For information about the API, see Use the Deep Security API to automate tasks.