Before you deploy the identity router in your Amazon Web Services (AWS) cloud-computing environment, you must configure the virtual environment to meet the following requirements. See your AWS documentation for instructions.

• The identity router Amazon Machine Image (AMI) must be shared with your Amazon account. For instructions, see Obtain the Identity Router Image.
• Your Amazon account must have access to deploy t2.large or better instance types.
• Your Amazon Virtual Private Cloud (VPC) must include public and private subnets based on your deployment needs. For example, you might deploy the identity router in a public subnet and host identity sources or Authentication Manager instances in a private subnet, or you might deploy identity routers in multiple subnets across availability zones for high availability. For more information, see Amazon Web Services Identity Router Deployment Models.
• The DHCP options set for your VPC must specify the DNS servers required for your deployment.
• You can assign static values for private IP addresses within your VPC, or permit Amazon to assign private IP addresses using DHCP.
• You can use default values dynamically assigned by Amazon for public IP addresses, but each time an instance in your environment is restarted, it may receive a different public address. If your organization manages its own DNS service, SecurID recommends allocating a persistent Elastic IP address through AWS, and assigning it to the identity router instance after you complete the instance launch process.