The Cloud Posture Bot ingests metadata via API calls from the AWS accounts you have added to your organisation.
Access Setup
Real-time monitoring
Cost Optimisation
Access AWS Cost Billing Bucket

Supported regions

The Cloud Posture Scan can ingest data from all but 3 AWS supported regions.

Unsupported regions


  1. Two China regions
  2. AWS GovCloud (US)

What to do next

How does the system access my AWS account?
Cloud Posture uses an AWS Custom Policy to view your AWS account metadata. It has no read or write access to your data.
What data does the system capture and how is it stored?
Cloud Posture only accesses the metadata associated with your AWS infrastructure. For example, we recognize that your AWS account has twelve S3 buckets and twenty EC2 instances; however, we cannot see the data or applications associated with these resources.
We retain metadata for active accounts for a 12-month period after which it is automatically deleted. For events, you can query logs to view the last 500 events via UI and 1200 via API. If you choose to deactivate an account, all your data is automatically deleted at the time of deactivation.
Does anyone at Trend look at this data?
No, Cloud Posture staff don’t have access to view your dashboard or account information. Authorized members of our technical team have limited access to view metadata associated with your accounts, for example, the number of compliance checks performed. However, our staff cannot see the specific violations associated with your AWS account.
We understand that the infrastructure configurations (metadata) could be considered sensitive and we have several layers of security in place to ensure that this metadata is captured, stored and accessed securely.
Customer metadata is encrypted at all touchpoints in our AWS infrastructure, from data collection, using signed requests and the AWS Security Token Service (STS), to encryption at rest using the AWS Key Management Service. All internal staff must comply with our strong password policies and have MFA enabled. All access to Cloud Posture infrastructure is monitored and access levels are reviewed on a regular basis, with the principle of least privilege enforced. Only senior Cloud Posture engineers have access to production systems.
It's important to note that Cloud Posture staff do not have access to the customer's Cloud Posture account unless the customer chooses to grant their Technical Account Manager read-only access - which is at the discretion of the customer.

AWS Well-Architected Tool

  • How does the AWS Well-Architected Tool work?
  • How do I start using the tool?
Trend Vision One™ – Cloud Posture has integrated with the AWS Well-Architected Tool so that customers can conduct 360-degree workload reviews in AWS and verify that their resources comply with the AWS Well-Architected Framework.
How does the AWS Well-Architected Tool work?
The AWS Well-Architected Tool uses the AWS Well-Architected Framework to compare your cloud application environment against best practices across five architectural pillars: security, reliability, performance efficiency, operational excellence, cost optimization and sustainability.
Users answer a series of questions to review and evaluate their workloads and receive step-by-step guidance to improve them in return.
How do I start using the AWS Well-Architected Tool?


  1. Update the Custom Policy to allow Cloud Posture to access data from the AWS Well-Architected Tool. The new permissions are:
      * wellarchitected:ListWorkloads
      * wellarchitected:GetWorkload
  2. Make sure that the following Rules are enabled in Cloud Posture. For more info, see: Configure Rules.

What to do next

Click on the Resolve button to view the Knowledge Base pages for step-by-step guidance on using the tool and resolving the failure.
Once you have enabled the Rules and you have updated the Custom Policy, you will be able to use the AWS Well-Architected Tool with Cloud Posture.
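
As an added example (not part of the Trend documentation or the product's own code), the following Python checks an IAM policy document for the two permissions listed in step 1 before you rely on the integration. The sample policies are constructed, and the check is assumed to evaluate only `Effect` and `Action`; `NotAction`, `Resource` and `Condition` are not considered, so any matching Deny is reported for review.

```python
import json
import re

# The two actions the page says must be added to the Custom Policy.
REQUIRED_ACTIONS = ("wellarchitected:ListWorkloads", "wellarchitected:GetWorkload")


def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action patterns are case-insensitive and support * and ? wildcards.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def missing_actions(policy_json, required=REQUIRED_ACTIONS):
    """Return required actions that the policy does not allow or explicitly denies."""
    allowed, denied = [], []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        target = allowed if stmt.get("Effect") == "Allow" else denied
        target.extend(_as_list(stmt.get("Action")))  # NotAction is not evaluated (assumption)
    missing = []
    for action in required:
        is_allowed = any(_matches(p, action) for p in allowed)
        is_denied = any(_matches(p, action) for p in denied)
        if not is_allowed or is_denied:  # an explicit Deny overrides any Allow
            missing.append(action)
    return missing


# Constructed sample policies, not the product's real Custom Policy.
_BASE = {"Effect": "Allow", "Action": ["s3:GetBucketPolicy", "ec2:Describe*"], "Resource": "*"}
_WA = {"Effect": "Allow", "Action": list(REQUIRED_ACTIONS), "Resource": "*"}
OLD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [_BASE]})
UPDATED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [_BASE, _WA]})

if __name__ == "__main__":
    for name, doc in (("old", OLD_POLICY), ("updated", UPDATED_POLICY)):
        print(name, "policy is missing:", missing_actions(doc) or "nothing")
```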