Views:
When running on EC2 instances in AWS, the agent uses the Amazon Instance Metadata Service (IMDS) to query information about the EC2 instance.
Note
Note
Support for IMDS v2 was added in agent version 12 FR 2020-05-19. If you are using an older version of the agent, only IMDS v1 is supported and you must ensure that your AWS configuration allows the agent access to host metadata using IMDS v1.
The information retrieved by the agent is necessary to ensure that the agent activates under the proper AWS account within Server & Workload Protection and the right instance size is used for metered billing.
If the agent cannot successfully retrieve data from the instance using a Metadata Service Version 1 (IMDSv1) or 2 (IMDSv2), the following issues might be encountered:
Issue
Root cause
Resolution
Additional notes
Duplicate computers appear - one under the AWS account and another outside of the AWS account.
If the agent does not have access to Instance Metadata Service Version 1 (IMDSv1) or 2 (IMDSv2), Server & Workload Protection cannot properly associate this activation with the desired cloud account.
Ensure that Server & Workload Protection has access to IMDS v1 or IMDS v2.
For details, see Configuring the Instance Metadata Service.
If you determine that the creation of duplicate computers has occurred, you can use inactive agent cleanup to automatically remove these computers.
Incorrect billing of instance hours .
If the agent does not have access to Instance Metadata Service Version 1 (IMDSv1) or 2 (IMDSv2), Server & Workload Protection cannot properly determine the instance size for metered billing. As a result, the computer does not appear under a cloud account and is charged at the data center rate.
If you believe overbilling has occurred please ensure that:
  1. The agent has access to IMDS v1 or IMDS v2.
  2. You have added the AWS cloud account to Server & Workload Protection.
Adding AWS accounts is now handled by the Cloud Accounts app. Credit usage is based on enabled Trend Vision One Cloud Security features. For more information about credits, see Credit Usage.
Smart folders or event-based tasks based on AWS metadata fail.
If the agent does not have access to Instance Metadata Service Version 1 (IMDSv1) or 2 (IMDSv2), Server & Workload Protection cannot access the AWS metadata needed for these operations.
N/A