How does Deep Security Agent use the Amazon Instance Metadata Service?

When running on EC2 instances in AWS, the Deep Security Agent uses Instance Metadata Service Version 1 (IMDSv1) to query information about the EC2 instance.

The information retrieved by the Deep Security Agent is necessary to ensure that the agent activates under the proper AWS account within Workload Security and the right instance size is used for metered billing.

If the Deep Security Agent cannot successfully retrieve data from the instance using Instance Metadata Service Version 1 (IMDSv1), the following issues might be encountered:

Issue: Duplicate computers appear - one under the AWS account and another outside of the AWS account.

Root cause: If the Deep Security Agent does not have access to Instance Metadata Service Version 1 (IMDSv1), Workload Security cannot properly associate this activation with the desired cloud account.

Resolution: Ensure that Workload Security has access to IMDS v1:

When you launch your instance and are specifying a value for HttpTokens, you must also set HttpEndpoint to optional. For more detail, see Configuring the Instance Metadata Service.

Additional notes: If you determine that the creation of duplicate computers has occurred, you can use inactive agent cleanup to automatically remove these computers.


Issue: Incorrect billing of instance hours at the default rate of $0.06 per hour rather than the rate associated with the workload size.

Root cause: If the Deep Security Agent does not have access to Instance Metadata Service Version 1 (IMDSv1), Workload Security cannot properly determine the instance size for metered billing. As a result, the computer does not appear under a cloud account and is charged at the data center rate.

Additional notes: If you believe overbilling has occurred please ensure that:

  1. The Deep Security Agent has access to IMDS v1.
  2. You have added the AWS cloud account to Deep Security.

Please contact technical support for additional assistance.


Issue: Smart folders or event-based tasks based on AWS metadata fail.

Root cause: If the Deep Security Agent does not have access to Instance Metadata Service Version 1 (IMDSv1), Workload Security cannot access the AWS metadata needed for these operations.

Additional notes: N/A
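
An added example, not part of the original page or Trend Micro's code: a Python check over `aws ec2 describe-instances` output that lists the instances where the agent's IMDSv1 queries would not succeed. It assumes the EC2 API's `MetadataOptions` values (`HttpEndpoint`: `enabled` or `disabled`; `HttpTokens`: `optional` or `required`); the sample records, instance IDs and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (IDs are made up).
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-example0001", "InstanceType": "t3.medium",
     "MetadataOptions": {"State": "applied", "HttpTokens": "optional", "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-example0002", "InstanceType": "m5.large",
     "MetadataOptions": {"State": "applied", "HttpTokens": "required", "HttpEndpoint": "enabled"}}
  ]},
  {"Instances": [
    {"InstanceId": "i-example0003", "InstanceType": "c5.xlarge",
     "MetadataOptions": {"State": "applied", "HttpTokens": "optional", "HttpEndpoint": "disabled"}},
    {"InstanceId": "i-example0004", "InstanceType": "t3.micro"}
  ]}
]}
""")

def imdsv1_status(instance):
    """Return (reachable, reason); reachable is None when it cannot be decided."""
    opts = instance.get("MetadataOptions")
    if not opts:
        return None, "MetadataOptions missing from record"
    if opts.get("HttpEndpoint") != "enabled":
        return False, "metadata endpoint disabled"
    if opts.get("HttpTokens") != "optional":
        return False, "session tokens required (IMDSv2 only)"
    if opts.get("State") == "pending":
        return None, "metadata options change still pending"
    return True, "IMDSv1 requests accepted"

def audit(describe_output):
    """Map instance ID -> (reachable, reason) across all reservations."""
    return {
        inst["InstanceId"]: imdsv1_status(inst)
        for res in describe_output.get("Reservations", [])
        for inst in res.get("Instances", [])
    }

def at_risk(describe_output):
    """Instance IDs where the agent's IMDSv1 queries would not succeed."""
    return sorted(i for i, (ok, _) in audit(describe_output).items() if ok is False)

if __name__ == "__main__":
    for iid, (ok, reason) in audit(SAMPLE).items():
        print(f"{iid}: {'OK' if ok else 'CHECK'} - {reason}")
```

Instances returned by `at_risk` are the ones to check first when duplicate computers or data center rate billing show up.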

Support for Instance Metadata Service Version 2 (IMDSv2) will be provided in an upcoming release of the Deep Security Agent.