If you previously used Add Cloud Account to import Amazon Web Services resources into Deep Security Manager, those resources
are organized by AWS region on Computers. You may have run the wizard more than once if you have multiple AWS regions.
The latest versions of Deep Security enable you to display your AWS instances under
your AWS account name, organized in a hierarchy that includes the AWS region, VPC,
and subnet.
Before migrating your AWS resources, edit the policy that allows Deep Security to
access your AWS account:
- Log in to your Amazon Web Services console and go to Identity and Access Management (IAM).
- Click Policies on the left.
- In the list of policies, select the policy that permits Deep Security to access your AWS account.
- Go to the Policy Document tab and click Edit.
- Edit the policy document to include the following JSON code:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "cloudconnector",
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeImages",
            "ec2:DescribeInstances",
            "ec2:DescribeRegions",
            "ec2:DescribeSubnets",
            "ec2:DescribeTags",
            "ec2:DescribeVpcs",
            "iam:ListAccountAliases",
            "sts:AssumeRole"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

  The "sts:AssumeRole" permission is required only if you are using cross-account role access. For more information on IAM roles, see Delegate access across AWS accounts using IAM roles.
- Select Save as default version.
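Before saving the policy, you can check that it grants the actions listed above and nothing broader. The following Python check is an added example, not part of the Deep Security documentation; the function name `audit_policy` and the constructed `SAMPLE_POLICY` are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

# Actions the policy document on this page grants to Deep Security.
BASE_ACTIONS = {
    "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeRegions",
    "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcs",
    "iam:ListAccountAliases",
}
CROSS_ACCOUNT_ACTION = "sts:AssumeRole"  # only for cross-account role access

# Constructed sample (not from the page): a wildcard replaces the listed EC2 actions.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "cloudconnector", "Effect": "Allow",
                  "Action": ["ec2:Describe*", "iam:ListAccountAliases"],
                  "Resource": "*"},
})


def _as_list(value):
    """IAM accepts a single string/object where a list is usual."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json, cross_account=False):
    """Return (missing, extra) computed from the policy's Allow statements."""
    # Assumption of this example: Deny, NotAction and Condition are not evaluated.
    required = set(BASE_ACTIONS)
    if cross_account:
        required.add(CROSS_ACCOUNT_ACTION)
    allowed = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") == "Allow":
            allowed += _as_list(stmt.get("Action"))
    # IAM action names are case-insensitive and may use * and ? wildcards.
    missing = sorted(a for a in required if not any(
        fnmatchcase(a.lower(), p.lower()) for p in allowed))
    # Anything that is not exactly a required action grants more than needed.
    wanted = {a.lower() for a in required}
    extra = sorted({p for p in allowed if p.lower() not in wanted})
    return missing, extra


if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, cross_account=True))
```

An empty `missing` list means Deep Security has every action it needs; entries in `extra` are candidates for removal, such as `sts:AssumeRole` when cross-account role access is not in use.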
To migrate your AWS resources in Deep Security Manager:
- Go to Computers.
- On the left, right-click an AWS region and select Upgrade to Amazon Account.
- Click Finish.
- Click Close.
Your AWS instances appear under your AWS account name, organized in a hierarchy that
includes the AWS region, VPC, and subnet.