When running on EC2 instances in AWS, the Deep Security Agent uses the Amazon Instance
Metadata Service (IMDS) to query information about the EC2 instance.

Note: Deep Security support for IMDS v2 was added in Deep Security Manager FR 2020-04-29
and Deep Security Agent FR 2020-05-19. If you are using an older version of Deep
Security, only IMDS v1 is supported, and you must ensure that your AWS configuration
allows Deep Security Agent access to host metadata using IMDS v1.

The information retrieved by the Deep Security Agent is necessary to ensure that the
agent activates under the proper AWS account within Deep Security.
If the Deep Security Agent cannot successfully retrieve data from the instance using
Instance Metadata Service Version 1 (IMDSv1) or 2 (IMDSv2), the following issues might be
encountered:

| Issue | Root cause | Resolution | Additional notes |
| --- | --- | --- | --- |
| Duplicate computers appear - one under the AWS account and another outside of the AWS account. | If the Deep Security Agent does not have access to Instance Metadata Service Version 1 (IMDSv1) or 2 (IMDSv2), Deep Security cannot properly associate this activation with the desired cloud account. | Ensure that Deep Security has access to IMDS v1 or IMDS v2. For more details, see Configuring the Instance Metadata Service. | If you determine that the creation of duplicate computers has occurred, you can use inactive agent cleanup to automatically remove these computers. |
| Smart folders or event-based tasks based on AWS metadata fail. | If the Deep Security Agent does not have access to Instance Metadata Service Version 1 (IMDSv1) or 2 (IMDSv2), Deep Security cannot access the AWS metadata needed for these operations. | N/A | |
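
One way to find instances whose IMDS settings would block the agent before duplicates appear, as an added example that is not part of the Deep Security documentation. It reads output in the shape of `aws ec2 describe-instances` and checks the EC2 `MetadataOptions` fields `HttpEndpoint` and `HttpTokens`; the function names `imds_access` and `audit` and the sample instance IDs are made up for illustration.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-instances`
# (instance IDs are made up for illustration).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa0000000000001",
   "MetadataOptions": {"State": "applied", "HttpEndpoint": "enabled", "HttpTokens": "optional"}},
  {"InstanceId": "i-0aaa0000000000002",
   "MetadataOptions": {"State": "applied", "HttpEndpoint": "enabled", "HttpTokens": "required"}},
  {"InstanceId": "i-0aaa0000000000003",
   "MetadataOptions": {"State": "applied", "HttpEndpoint": "disabled", "HttpTokens": "optional"}}
]}]}
""")


def imds_access(options, agent_supports_v2):
    """Classify whether an agent can read instance metadata.

    options: the instance's MetadataOptions dict.
    agent_supports_v2: False for older agents limited to IMDSv1.
    """
    if not options:
        return "unknown: no MetadataOptions in input"
    if options.get("HttpEndpoint") != "enabled":
        return "blocked: IMDS endpoint disabled"
    if options.get("HttpTokens") == "required" and not agent_supports_v2:
        # Token-only mode: EC2 rejects IMDSv1 (tokenless) requests.
        return "blocked: IMDSv2 required, agent is IMDSv1-only"
    # Either tokens are optional (v1 and v2 both served) or the agent speaks v2.
    return "ok"


def audit(describe_output, agent_supports_v2):
    """Return {instance_id: verdict} for every instance in the output."""
    verdicts = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            verdicts[inst["InstanceId"]] = imds_access(
                inst.get("MetadataOptions", {}), agent_supports_v2)
    return verdicts


if __name__ == "__main__":
    for label, v2 in (("IMDSv1-only agent", False), ("IMDSv2-capable agent", True)):
        print(label)
        for iid, verdict in audit(SAMPLE, v2).items():
            print(f"  {iid}: {verdict}")
```

Instances reported as blocked for an IMDSv1-only agent are the ones where activation would not be associated with the AWS account.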