AWS deployment architecture

The diagrams below provide an abstract visualization of how the deployment stack fits into your AWS cloud account. Additionally, these diagrams show the flow of information between related AWS assets and how that data is shared with Trend Vision One to power cloud security features.

For details about the resources used and deployed to your AWS environment, seeResources deployed in AWS enviroments .

When deploying the Cloud Accounts stack to your AWS account, the stack creates IAM policies and roles to allow Trend Vision One to connect with your account. Additionally, nested stacks are deployed based on the features you enable.

For details about the resources used and deployed to your AWS environment, see Resources deployed in AWS enviroments.

The diagram shows how the Agentless Vulnerability & Threat Detection feature utilizes assets within your AWS account to discover vulnerabilities in EBS volumes attached to EC2 instances and ECR images.

Trend Vision One supports monitoring your CloudTrail logs either through a single account, or by leveraging ControlTower. The diagrams below detail the resources leveraged to enable the Cloud Detections for AWS CloudTrail feature.

The diagram below shows how File Security Storage uses assets within your AWS account to monitor and scan files and cloud storage.