reference deployment

Deep Security on AWS

Deploy and configure Trend Micro Deep Security

This Partner Solution deploys Deep Security using AWS CloudFormation templates and offers two license models. You can also launch this Partner Solution with either licensing option in the AWS GovCloud (US) Region.

The default configuration protects instances in the virtual private cloud (VPC) where the Deep Security Manager is deployed. After deployment, you can modify your setup to protect instances across your entire AWS infrastructure.

This Partner Solution was developed by Trend Micro in collaboration with AWS. Trend Micro is an AWS Partner.

AWS Service Catalog administrators can add this architecture to their own catalog.

This Partner Solution supports the AWS GovCloud (US) Region.
  •  What you'll build
  • This Partner Solution sets up the following:

    • A highly available architecture that spans two Availability Zones.*
    • A VPC configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
    • An internet gateway that connects the VPC to the internet.
    • In the public subnets:
      • Amazon Elastic Compute Cloud (Amazon EC2) instances for Deep Security Manager.
      • Elastic Load Balancing that distributes incoming traffic across the Amazon EC2 instances (not shown).
    • In the private subnets:
      • Amazon Relational Database Service (Amazon RDS) to set up, operate, and scale a relational database.
  •  How to deploy
  • To deploy this Partner Solution, follow the steps in the deployment guide, which includes these steps. The stack takes about 1 hour to launch.

    1. If you don't already have an AWS account, sign up at and set up your VPC. The VPC must have two private subnets in different Availability Zones, and one public subnet with an attached internet gateway.
    2. Subscribe to Deep Security, choosing the Per Protected Instance Hour or BYOL licensing option.
    3. Launch the Partner Solution for the licensing option you selected. Each deployment takes less than an hour. You can choose from four options:
    4. Log in to the Deep Security Manager console.
    5. Deploy agents to protect your instances.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • You are responsible for the cost of the AWS services and any third-party licenses used while running this Partner Solution reference deployment. There is no additional cost for using the Partner Solution.

    Because this Partner Solution uses Amazon Machine Images (AMIs) from AWS Marketplace, you must subscribe to Trend Micro Deep Security. There are two licensing options:


    Note: This Partner Solution supports a deployment of up to 2,000 protected instances. If you are protecting more than 2,000 instances, contact for assistance.


    Tip:  After you deploy the Partner Solution, create  AWS Cost and Usage Reports  to track costs associated with the Partner Solution. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information about the report, refer to  What are AWS Cost and Usage Reports?