Views:

Quickly add your accounts to Cloud Accounts by connecting your AWS Organization.

Cloud Accounts supports adding accounts managed by your AWS Organization by deploying features to the root account or organizational unit (OU) level. Adding your AWS Organization to Cloud Accounts provides a quick way to allow Trend Vision One access to your managed cloud accounts to provide security and visibility into your cloud assets. Some Cloud Account features have limited support for AWS regions. For more information, see AWS supported regions and limitations.
Before you begin, ensure you have access to a sign-in or user role with administrator privileges, including permissions to create and manage AWS CloudFormation stack sets for the AWS Organization you wish to connect. For more information, see AWS CloudFormation StackSets and AWS Organizations.
Important
Important
  • Support for AWS Organizations is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release Sub-Feature Disclaimer before using the sub-features.
  • The steps are valid for the AWS console as of November 2023.
  • Adding an AWS organization forces accounts managed by that organization to apply the same settings configured for the entire organization. Settings cannot be modified for individual accounts added as part of an organization.
    If you want to apply different security settings to some accounts managed by an organization, add those accounts individually before you add your AWS organization account.

Procedure

  1. Sign in to the Trend Vision One console.
  2. In the Trend Vision One console, go to Service ManagementCloud AccountsAWS.
  3. Click Add Account.
    The Add Cloud Account window appears.
  4. Select AWS Organization.
  5. Specify the general information for the organization.
    1. Specify the Organization name to display in the Cloud Accounts app.
      Once the AWS Organization is added, all member accounts without a previously specified alias in AWS receive an automatically generated name in the Cloud Accounts app.
    2. Specify a Description to display in the Cloud Accounts app.
  6. Select the AWS region for CloudFormation template deployment.
    Note
    Note
    The default region is based on your Trend Vision One region.
    Some features and permissions have limited support for some AWS regions. For more information, see AWS supported regions and limitations.
  7. If you are not already signed into your AWS account using a role that has administrator privileges, click Go to AWS to do so in the same browser session.
  8. Click Next.
  9. Choose which Features and Permissions to enable on the account.
    • Core Features: Connect your AWS account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
    • Container Protection for Amazon ECS: Deploy Trend Vision One Container Security in your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments. Trend Vision One Container Security uncovers threats and vulnerabilities, protects your runtime environment, and enforces deployment policies.
      Note
      Note
      As of November 2023, AWS private and freemium accounts only allow a maximum of 10 Lambda executions. Container Protection deployment requires at least 20 concurrent Lambda executions. Please verify your AWS account status before enabling this feature.
    Note
    Note
    Only the above listed features and permissions support deployment to organization managed accounts. Additional features and permissions can only be deployed to single accounts.
  10. Click Next.
  11. If you have more than one Server & Workload Protection Manager instance, select the instance to associate with the connected account.
    Note
    Note
    If you only have one Server & Workload Protection Manager instance, the account is automatically associated with that instance.
  12. Launch the CloudFormation template in the AWS console.
    1. If you want to review the stack template before launching, click Download and Review Template.
    2. Click Launch Stack.
      The AWS management console opens in a new tab and displays the Quick Create Stack screen.
  13. In the AWS management console, complete the steps in the Quick Create Stack screen.
    1. If you want to use a name other than the default, specify a new Stack name.
    2. In the Parameters section, input the AWS Account ID or the Organizational Unit (OU) ID in the OrganizationID field.
      Important
      Important
      Do not change any other settings in the Parameters section. CloudFormation automatically provides the settings for the parameters. Changing parameters might cause stack creation to fail.
    3. In the Capabilities section, select the following acknowledgments:
      • I acknowledge that AWS CloudFormation might create IAM resources with custom names.
      • I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
    4. Click Create Stack.
      The Stack details screen for the new stack appears with the Events tab displayed. Creation might take a few minutes. Click Refresh to check the progress.
  14. In the Trend Vision One console, click Done.
    The organization and its member accounts appear in Cloud Accounts once the CloudFormation template deployment is completed. Refresh the screen to update the table.