Add and connect an AWS account to Trend Vision One using a generated stack template to provide security for your cloud assets.

Connecting an AWS account to Cloud Accounts allows Trend Vision One to access your cloud services to provide security and visibility into your cloud assets. Some Cloud Accounts features have limited support for AWS regions. For more information, see AWS supported regions and limitations.
Important
The steps are valid for the AWS console as of November 2023.

Procedure

  1. Sign in to the Trend Vision One console.
  2. In a new tab in the same browser session, sign in to the AWS account you want to connect using a role that has administrator privileges.
  3. In the Trend Vision One console, go to Cloud Security > Cloud Accounts > AWS.
  4. Click Add Account.
    The Add AWS Account window appears.
  5. Specify the Deployment Type.
    1. For Deployment Method, select CloudFormation.
    2. Select the account type:
    3. Click Next.
  6. Specify general information for the account:
    1. Provide an Account name and Description to display in Cloud Accounts.
    2. Select the AWS region for CloudFormation template deployment.
      Note
      The default region is your Trend Vision One region.
      Some features and permissions have limited support for some AWS regions. For more information, see AWS supported regions and limitations.
    3. If you have more than one Server & Workload Protection Manager instance, select the instance to associate with the connected account.
      Note
      • If you have one Server & Workload Protection Manager instance, the account is automatically associated with that instance.
    4. Select the scanning regions for the Server & Workload Protection instance selected in the previous step:
      • If the AWS account you are connecting does not use certain regions, clear those regions from the list.
      • If the AWS account uses all regions, leave all regions selected.
      By default, Core Features and features that rely on Server & Workload Protection scanning (such as Container Security and File Storage Security) attempt to connect to all AWS regions. If your AWS account does not use certain regions, this can generate unnecessary error logs in CloudTrail from failed connection attempts.
    5. To add custom tags to the resources deployed by Trend Vision One, select Resource tagging and specify the key-value pairs.
      To add up to three tags, click Create a new tag.
      Note
      • Keys can be up to 128 characters long, and cannot start with aws.
      • Values can be up to 256 characters long.
    6. Click Next.
  7. Configure the Features and Permissions you want to grant access to your cloud environment.
    For more information, see AWS features and permissions.
  8. Click Next.
  9. Launch the CloudFormation template in the AWS console.
    1. To review the stack template before launching, click Download and Review Template.
    2. Click Launch Stack.
      The AWS management console opens in a new tab and displays the Quick Create Stack screen.
  10. In the AWS management console, complete the steps in the Quick Create Stack screen.
    1. If you want to use a name other than the default, specify a new Stack name.
    2. In the Parameters section, configure the following parameters only if you have enabled XDR for Cloud - AWS CloudTrail.
      • For CloudAuditLogMonitoringCloudTrailArn, provide the ARN for the CloudTrail you want to monitor.
      • For CloudAuditLogMonitoringCloudTrailSNSTopicArn, provide the ARN of the CloudTrail SNS topic.
        Important
        • The monitored CloudTrail and its SNS topic must be in the same account and in the same region that you selected for the template deployment.
        • Do not change any other settings in the Parameters section. CloudFormation automatically provides the settings for the parameters. Changing parameters might cause stack creation to fail.
    3. In the Capabilities section, select the following acknowledgments:
      • I acknowledge that AWS CloudFormation might create IAM resources with custom names.
      • I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
    4. Click Create Stack.
      The Stack details screen for the new stack appears with the Events tab displayed. Creation might take a few minutes. Click Refresh to check the progress.
  11. In the Trend Vision One console, click Done.
    The account appears in Cloud Accounts once the CloudFormation template deployment successfully completes. Refresh the screen to update the table.
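The following shell script is an added example, not Trend Micro's code or template. It checks the two CloudTrail parameters from step 10 against the Important note (same account, same region as the deployment) before you paste them into the Quick Create Stack screen, and shows the AWS CLI equivalent of "Download and Review Template": listing the parameters you are expected to leave as provided and the capabilities (such as CAPABILITY_AUTO_EXPAND) the stack will ask you to acknowledge. The template file path and all ARNs are constructed placeholders.

```shell
# Added example (not Trend Micro's code). Pre-flight check for the CloudTrail
# parameters in step 10, plus a CLI review of the downloaded template.
# Assumed: template saved locally; ARNs below are constructed placeholders.

# Print colon-separated field N of an ARN (4 = region, 5 = account id).
arn_field() {
  printf '%s\n' "$1" | cut -d: -f"$2"
}

# Return 0 only when the trail and the SNS topic are in the deployment region
# and belong to the same account; otherwise print the reason and return 1.
check_cloudtrail_params() {
  deploy_region=$1; trail_arn=$2; topic_arn=$3
  case $trail_arn in
    arn:*:cloudtrail:*:*:trail/*) ;;
    *) echo "not a CloudTrail trail ARN: $trail_arn"; return 1 ;;
  esac
  case $topic_arn in
    arn:*:sns:*:*:*) ;;
    *) echo "not an SNS topic ARN: $topic_arn"; return 1 ;;
  esac
  trail_region=$(arn_field "$trail_arn" 4); topic_region=$(arn_field "$topic_arn" 4)
  trail_acct=$(arn_field "$trail_arn" 5);   topic_acct=$(arn_field "$topic_arn" 5)
  if [ "$trail_region" != "$deploy_region" ] || [ "$topic_region" != "$deploy_region" ]; then
    echo "region mismatch: trail=$trail_region topic=$topic_region deployment=$deploy_region"
    return 1
  fi
  if [ "$trail_acct" != "$topic_acct" ]; then
    echo "account mismatch: trail=$trail_acct topic=$topic_acct"
    return 1
  fi
  echo "ok: account $trail_acct, region $deploy_region"
}

# Review the downloaded template: syntax check, the parameter list (only the
# two CloudTrail ones are meant to be edited), and the IAM/macro capabilities
# the Capabilities section will ask you to acknowledge (step 10, substeps 2-3).
# Templates larger than 51,200 bytes must be passed with --template-url instead.
review_template() {
  aws cloudformation validate-template --template-body "file://$1" \
    --query 'Parameters[].[ParameterKey,DefaultValue,NoEcho]' --output table
  aws cloudformation get-template-summary --template-body "file://$1" \
    --query '[Capabilities,CapabilitiesReason]' --output json
}

# Usage with constructed placeholder values:
#   check_cloudtrail_params us-east-1 \
#     arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail \
#     arn:aws:sns:us-east-1:123456789012:org-trail-topic && review_template ./template.yaml
```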