HA over AWS Overview

AWS uses Identity and Access Management (IAM) roles to give instances access to the infrastructure services. Configure an IAM role with the required policies and associate the IAM role with the OCSBC instances during creation. The instances can then obtain the credentials through the metadata and authenticate themselves when invoking the API.

As you deploy, follow these guidelines:

  1. Create both OCSBC instances in the same Availability Zone.
  2. Oracle recommends that you use Placement Groups of type Spread for launching both OCSBC instances.

As you configure, follow these guidelines:

  1. On the primary instance of OCSBC, and through the AWS console, configure Secondary Private IPs to be used as OCSBC virtual IPs.
  2. When required, map Secondary Private IP addressing with Elastic IP addressing.

AWS uses an Access key ID and Secret access key as security credentials. Because these credentials change periodically, the OCSBC does not cache the information. Instead, the OCSBC always retrieves and uses the latest information from the metadata. In addition, if the OCSBC receives an error response indicating that authentication failed, it refreshes the security credentials and retries the API call.
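
The fetch-on-every-call and refresh-on-auth-failure pattern described above, as an added Python sketch that is not OCSBC code. The role name `sbc-ha-role`, the `AuthError` exception, and the `fake_fetch`/`fake_api` stand-ins are assumptions constructed so the example runs offline; `imds_fetch` shows the real IMDSv2 read and only works on an EC2 instance.

```python
import json
import urllib.request

IMDS = "http://169.254.169.254/latest"  # EC2 instance metadata service


class AuthError(Exception):
    """Hypothetical error the API layer raises when AWS rejects the credentials."""


def imds_fetch(role):
    """Read the role's current temporary credentials via IMDSv2 (works on EC2 only)."""
    req = urllib.request.Request(
        IMDS + "/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(req, timeout=2).read().decode()
    req = urllib.request.Request(
        IMDS + "/meta-data/iam/security-credentials/" + role,
        headers={"X-aws-ec2-metadata-token": token})
    return json.loads(urllib.request.urlopen(req, timeout=2).read())


def call_with_fresh_credentials(api_call, role, fetch=imds_fetch, retries=1):
    """Fetch credentials for every attempt; on an auth failure, refresh and retry."""
    for attempt in range(retries + 1):
        creds = fetch(role)  # read again each time, never cached
        try:
            return api_call(creds["AccessKeyId"], creds["SecretAccessKey"], creds["Token"])
        except AuthError:
            if attempt == retries:
                raise  # still rejected after refreshing: surface the failure


def demo():
    """Constructed offline stand-ins: the keys rotate once, during the first call."""
    state = {"gen": 1, "fetches": 0}

    def fake_fetch(role):
        state["fetches"] += 1
        return {"AccessKeyId": f"ASIAEXAMPLE{state['gen']}",
                "SecretAccessKey": "constructed", "Token": "constructed"}

    def fake_api(key_id, secret, token):
        if state["fetches"] == 1:
            state["gen"] = 2  # rotation invalidates the keys just fetched
        if key_id != f"ASIAEXAMPLE{state['gen']}":
            raise AuthError("AuthFailure")
        return "ok with " + key_id

    return call_with_fresh_credentials(fake_api, "sbc-ha-role", fake_fetch), state["fetches"]
```

Bounding the retries matters: a role that is missing the required policy fails on every attempt, and the error should surface rather than loop.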