// We need to work around Step numbers here if we are going to potentially exclude the AMI subscription
// There are generally two deployment options. If additional are required, add them here

=== Confirm your AWS account configuration

. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For details, see link:#_planning_the_deployment[Planning the deployment] earlier in this guide.
. Make sure that your AWS account is configured correctly, as discussed in the link:#_technical_requirements[Technical requirements] section.

// Optional based on Marketplace listing. Not to be edited

ifdef::marketplace_subscription[]
=== Subscribe to the {partner-product-name} AMI

This Quick Start requires a subscription to the AMI for {partner-product-name} in AWS Marketplace.

. Sign in to your AWS account.
. {marketplace_listing_url}[Open the page for the {partner-product-name} AMI in AWS Marketplace], and then choose *Continue to Subscribe*.
. Review the terms and conditions for software usage, and then choose *Accept Terms*. +
  A confirmation page loads, and an email confirmation is sent to the account owner. For detailed subscription instructions, see the https://aws.amazon.com/marketplace/help/200799470[AWS Marketplace documentation^].

. When the subscription process is complete, exit out of AWS Marketplace without further action. *Do not* provision the software from AWS Marketplace—the Quick Start deploys the AMI for you.
endif::marketplace_subscription[]
// \Not to be edited

=== Launch the Quick Start
// Adapt the following warning to your Quick Start.
WARNING: If you deploy {partner-product-short-name} into an existing VPC, ensure that your VPC has two private subnets in different Availability Zones for the workload instances and that the subnets are not shared. This Quick Start does not support https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html[shared subnets^]. The subnets require https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html[NAT gateways^] in their route tables to allow the instances to download packages and software without exposing the instances to the internet. Also ensure that the domain name in the DHCP options is configured, as explained in http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html[DHCP options sets^]. Provide your VPC settings when you launch the Quick Start.

. Sign in to your AWS account, and choose one of the following options to launch the AWS CloudFormation template. For help with choosing an option, see link:#_deployment_options[Deployment options] earlier in this guide.
+
[cols=2*]
|===
^|https://fwd.aws/kmwny[Deploy {partner-product-short-name} into a new VPC on AWS^]
^|https://github.com/aws-quickstart/quickstart-ibm-cloud-pak-for-security/blob/main/templates/ibm-cloudpak-root.template.yaml[View template^]

^|https://fwd.aws/6Wz48[Deploy {partner-product-short-name} into an existing VPC on AWS^]
^|https://github.com/aws-quickstart/quickstart-ibm-cloud-pak-for-security/blob/main/templates/ibm-cloudpak-security.template.yaml[View template^]
|===
+
. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. This Region is where the network infrastructure for {partner-product-name} is built. The template is launched in the {default_deployment_region} Region by default.
. On the *Create stack* page, keep the default setting for the template URL, and then choose *Next*.
. On the *Specify stack details* page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. For details on each parameter, see the link:#_parameter_reference[Parameter reference] section of this guide. When you finish reviewing and customizing the parameters, choose *Next*.
. On the *Configure stack options* page, you can https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html[specify tags^] (key-value pairs) for resources in your stack and https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-add-tags.html[set advanced options^]. When you’re finished, choose *Next*. 
. On the *Review page*, review and confirm the template settings. Under *Capabilities*, select the two check boxes to acknowledge that the templates creates IAM resources and might require the ability to automatically expand macros.
. Choose *Create stack* to deploy the stack. 
. Monitor the status of the stack. Each deployment takes about *{deployment_time}* to complete.
. When the status is *CREATE_COMPLETE*, the Cloud Pak for Security deployment is ready. 
. To view the created resources, see the values displayed in the *Outputs* tab for the stack, as shown in the link:#_cfn_outputs[figure] below.
+
[#_cfn_outputs]
.{partner-product-name} outputs after successful deployment
[link=images/cfn-outputs.png]
image::../images/cfn-outputs.png[IBM Cloud Pak for Security deployment outputs]