When adding your AWS account to Workload Security, you may encounter the following
issues.
AWS is taking longer than expected
If AWS is taking longer than expected, it might be because:
- The template is still running.
While the Cloud Formation Template is running, Workload Security has no information on how far it has progressed or when it will finish; it is only notified once the template has completed successfully. Because of this, Workload Security has a timeout that is triggered if the template has not completed within the expected time. A triggered timeout does not mean the template has failed; AWS could just be taking longer than usual. To check the status of the template, go to the Cloud Formation section of the AWS console and look for the status of the stack named DeepSecuritySetup. If the status field shows CREATE_IN_PROGRESS, the template is still running and more time is required.
- The template has failed to complete.
If the status field in the Cloud Formation section of the AWS console shows ROLLBACK_IN_PROGRESS, ROLLBACK_COMPLETE, or CREATE_FAILED, the template creation has failed within AWS. If this happens, go to the Events tab in the Cloud Formation interface for more information about why the template failed. Contact Trend Micro technical support for assistance.
Resource is not supported in this region
The Cloud Formation Template creates a Lambda function to create the cross-account
role. AWS Lambda is not currently supported in all regions, so if the Cloud Formation
Template is run in a region that does not support Lambda, it fails to create
the cross-account role. By default, the link provided by the wizard runs the Cloud
Formation Template in the US East (N. Virginia) region. The following regions
currently support Lambda:
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- EU (Frankfurt)
- EU (Ireland)
- US East (N. Virginia)
- US West (Oregon)
Template validation issue
The user running the Cloud Formation Template does not have the required permissions
to run the template.
In the IAM console, find the user that is currently logged in and running the
template. Open the user properties by double-clicking the user. Scroll down to
the Managed Policies and Inline Policies section and click Show Policy on each policy listed. All of the following permissions must be contained in at
least one of the policies attached to the user:
- cloudformation:CreateStack
- cloudformation:DescribeStackEvents
- cloudformation:DescribeStacks
- cloudformation:EstimateTemplateCost
- cloudformation:GetTemplate
- cloudformation:GetTemplateSummary
- cloudformation:ListStackResources
- cloudformation:ListStacks
- ec2:CreateTags
- ec2:DescribeAvailabilityZones
- ec2:DescribeImages
- ec2:DescribeInstances
- ec2:DescribeRegions
- ec2:DescribeSecurityGroups
- ec2:DescribeSubnets
- ec2:DescribeTags
- ec2:DescribeVpcs
- iam:AddRoleToInstanceProfile
- iam:AttachRolePolicy
- iam:CreateInstanceProfile
- iam:CreatePolicy
- iam:CreateRole
- iam:DeleteInstanceProfile
- iam:DeleteRole
- iam:DeleteRolePolicy
- iam:GetRole
- iam:GetRolePolicy
- iam:PassRole
- iam:PutRolePolicy
- iam:RemoveRoleFromInstanceProfile
- lambda:InvokeFunction
- lambda:CreateFunction
- lambda:GetFunctionConfiguration
- sts:AssumeRole
- sts:DecodeAuthorizationMessage
- workspaces:DescribeWorkspaces
- workspaces:DescribeWorkspaceDirectories
- workspaces:DescribeWorkspaceBundles
- workspaces:DescribeTags
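Checking that list by hand against policies written with wildcards is error-prone. The following is an added example, not Trend Micro's or AWS's code: it evaluates a user's policy documents against the required actions, honouring IAM's `*` and `?` action wildcards and the rule that an explicit Deny in any policy overrides every Allow. It ignores Resource and Condition elements (an assumed simplification, so it is a coarse check), and the two policy documents are constructed samples.

```python
import fnmatch

# Actions the page requires in at least one policy attached to the user running the template.
REQUIRED_ACTIONS = """
cloudformation:CreateStack cloudformation:DescribeStackEvents cloudformation:DescribeStacks
cloudformation:EstimateTemplateCost cloudformation:GetTemplate cloudformation:GetTemplateSummary
cloudformation:ListStackResources cloudformation:ListStacks ec2:CreateTags
ec2:DescribeAvailabilityZones ec2:DescribeImages ec2:DescribeInstances ec2:DescribeRegions
ec2:DescribeSecurityGroups ec2:DescribeSubnets ec2:DescribeTags ec2:DescribeVpcs
iam:AddRoleToInstanceProfile iam:AttachRolePolicy iam:CreateInstanceProfile iam:CreatePolicy
iam:CreateRole iam:DeleteInstanceProfile iam:DeleteRole iam:DeleteRolePolicy iam:GetRole
iam:GetRolePolicy iam:PassRole iam:PutRolePolicy iam:RemoveRoleFromInstanceProfile
lambda:InvokeFunction lambda:CreateFunction lambda:GetFunctionConfiguration
sts:AssumeRole sts:DecodeAuthorizationMessage workspaces:DescribeWorkspaces
workspaces:DescribeWorkspaceDirectories workspaces:DescribeWorkspaceBundles workspaces:DescribeTags
""".split()

def _as_list(value):
    """IAM lets "Statement" and "Action" be one item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _matches(stmt, action):
    """Action element match: IAM wildcards '*'/'?', case-insensitive; Resource/Condition ignored."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(stmt.get("Action", [])))

def missing_actions(policy_docs, required=REQUIRED_ACTIONS):
    """Required actions not effectively granted; as in IAM, an explicit Deny anywhere beats Allow."""
    missing = []
    for action in required:
        allowed = denied = False
        for doc in policy_docs:
            for stmt in _as_list(doc.get("Statement", [])):
                if _matches(stmt, action):
                    if stmt.get("Effect") == "Deny":
                        denied = True
                    elif stmt.get("Effect") == "Allow":
                        allowed = True
        if denied or not allowed:
            missing.append(action)
    return missing

# Constructed sample: one broad managed policy plus an inline policy carrying an explicit Deny.
SAMPLE_POLICIES = [
    {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
        "cloudformation:*", "ec2:Describe*", "iam:*Role*", "lambda:*", "sts:AssumeRole",
        "workspaces:Describe*"]}]},
    {"Version": "2012-10-17", "Statement": {"Effect": "Deny", "Action": "iam:PassRole", "Resource": "*"}},
]
```

In practice, feed `missing_actions` the documents returned by `aws iam get-policy-version` (for attached managed policies) and `aws iam get-user-policy` (for inline policies); for the sample above it reports the six actions the wildcard policy does not cover or that the Deny blocks.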
Workload Security was unable to add your AWS account
The information that Workload Security received from AWS was incomplete.
If this happens, close the wizard and try running it again from the beginning as there
might be a temporary system problem.
If the error happens a second time, contact technical support.