How the agent uses Amazon Instance Metadata Service

When running on EC2 instances in AWS, the agent uses the Amazon Instance Metadata Service (IMDS) to query information about the EC2 instance.

Note

Support for Instance Metadata Service Version 2 (IMDSv2) was added in the agent version 12 FR 2020-05-19. If you are using an earlier version of the agent, only Instance Metadata Service Version 1 (IMDSv1) is supported and you must ensure that your AWS configuration allows the agent access to host metadata using IMDSv1.

The information retrieved by the agent is necessary to ensure that the agent activates under the proper AWS account within Workload Security and the right instance size is used for metered billing.

If the agent cannot successfully retrieve data from the instance using IMDSv1 or IMDSv2, you might encounter issues described in the following table:

Issue	Root cause	Resolution	Additional notes
Duplicate computers appear - one under the AWS account and another outside of the AWS account.	If the agent does not have access to IMDSv1 or IMDSv2, Workload Security cannot properly associate this activation with the desired cloud account.	Ensure that Workload Security has access to IMDSv1 or IMDSv2. For details, see Configuring the Instance Metadata Service.	If you determine that the creation of duplicate computers has occurred, you can use inactive agent cleanup to automatically remove these computers.
Incorrect billing of instance hours at the default rate of $0.06 per hour rather than the rate associated with the workload size.	If the agent does not have access to IMDSv1 or IMDSv2, Workload Security cannot properly determine the instance size for metered billing. As a result, the computer does not appear under a cloud account and is charged at the data center rate.	If you believe overbilling has occurred, ensure the following: The agent has access to IMDSv1 or IMDSv2. You have added the AWS cloud account to Workload Security. Contact Trend Micro technical support for additional assistance.
Smart folders or event-based tasks based on AWS metadata fail.	If the agent does not have access to IMDSv1 or IMDSv2, Workload Security cannot access the AWS metadata needed for these operations.	N/A