Manage the enabled features and permissions for your connected AWS accounts and organizations and update to the latest version of the stack template.
Use the Stack update tab to manage enabled features and permissions on your AWS accounts
and AWS organizations. You can also manage stack updates as feature enhancements are
released. Changing the features and permissions settings requires updating the stack.
For more information about the features and permissions, see AWS features and permissions.
 |
ImportantYou cannot update stacks on individual accounts managed by an AWS organization. To
update the settings, you must edit the stack for the AWS organization.
Stack updates are for AWS accounts connected using CloudFormation. If you connected
your account using a terraform script, see AWS Resource Update.
To troubleshoot a partially failed deployment to an AWS organization, see AWS organization shows "Reconnect" or "Update feature stack" action after deployment
attempt.
|
Procedure
- Sign in to the Trend Vision One console.
- Go to and click the name of the account you want to update.
- In Cloud Accounts Settings, click the Stack Update tab.
- Under the Select features and permissions section, configure which features you want to enable or disable.You can change the deployment regions for Agentless Vulnerability & Threat Detection and Container Protection for Amazon ECS. For Agentless Vulnerability & Threat Detection, you may also change the resource types to scan and whether to scan for vulnerabilities, malware, or both.
- Configure the Additional settings.
-
To add custom AWS tags to the resources deployed when updating, select Resource tagging and specify the key-value pairs.Custom tags are applied to all resources except the root stack. To add custom tags to the root stack, you must apply them in the CloudFormation console.Keys can be up to 128 characters long, and cannot start with
aws.Values can be up to 256 characters long.-
To add up to three tags, click Create a new tag.
-
-
- Under Update the CloudFormation template, click Copy S3 URL.
- If the API key has expired, click Copy Vision One API Key to obtain a new key.The Trend Vision One API key is valid for 90 days. Attempting to update the feature stack with an expired key automatically fails.
- To review the template before deploying, click Download and Review Template.
- Under Update CloudFormation template, verify the Stack name.
- In a new browser tab, sign in to the connected AWS account.You can view the AWS account ID on the Account Information tab.
- In the AWS console, access the CloudFormation console.
- Go to Stacks and click the stack name for the stack you want to update.
- Click Update.
- Select Replace current template.
- Under Specify template, set Template source to Amazon S3 URL.
- Paste the template S3 URL into Amazon S3 URL.
- Click Next.
- Configure Parameters.
- If the API key has expired, locate VisionOneAPIKey and clear Use previous value.
- If you are enabling Cloud Detections for AWS CloudTrail, provide the following Amazon
Resource Names (ARNs):
-
For CloudAuditLogMonitoringCloudTrailArn, provide the ARN for the CloudTrail you want to monitor.
-
For CloudAuditLogMonitoringCloudTrailSNSTopicArn, provide the ARN of the CloudTrail SNS topic.
Important
The monitored CloudTrail and CloudTrail SNS must be on the same account and in the same region selected for the template deployment.Do not change any other settings in the Parameters screen. CloudFormation automatically provides the settings for the parameters. Changing parameters might cause the stack update to fail. -
- In Configure stack options, click Next.
- In Review under Capabilities, select I acknowledge that AWS CloudFormation might create IAM resources.
- Click Submit.Stack details displays the Events tab. The update process might take a few minutes. Click Refresh to check the progress.
- After the stack update completes, return to the Trend Vision One console.
- Refresh Cloud Accounts to verify the update succeeded.