Manage the enabled features and permissions for your AWS account as well as update to the latest version of the stack template.

The Stack Update tab in the Cloud Account Settings screen allows you to enable and disable cloud security related features and permissions for your AWS account. Changing the features and permissions settings requires updating the stack. For more information about the features and permissions, see AWS features and permissions.
Stack updates cannot be performed on accounts managed by an AWS organization. To update the settings, you must edit the stack for the AWS organization.


  1. Sign in to the Trend Vision One console.
  2. Go to Service ManagementCloud AccountsAWS and click on the name of the account you want to update.
  3. In the Cloud Accounts Settings screen, go to the Stack Update tab.
  4. Under the Select Features section, enable or disable the cloud account features.
    You can also change the deployment regions for Agentless Vulnerability & Threat Detection and Container Protection for Amazon ECS.
  5. Under the Copy the Template S3 URL section, click Copy S3 URL.
  6. If you want to review the template before deploying, click Download and Review Template.
  7. Under the Update CloudFormation Template section, verify the Stack name in step 3.
  8. In a new tab in the same browser session, sign in to the connected AWS account.
    You can view the AWS account ID on the Account Information tab.
  9. In the AWS console, access the CloudFormation console.
  10. Go to Stacks and click the stack name for the stack you want to update.
    The Stack details screen appears.
  11. Click Update.
  12. In the Update stack screen, select Replace current template.
  13. Under the Specify template section, set Template source to Amazon S3 URL.
  14. Paste the template S3 URL you copied into the Amazon S3 URL field.
  15. Click Next.
  16. If you are enabling Cloud Detections for AWS CloudTrail, configure the Parameters screen.
    • For CloudAuditLogMonitoringCloudTrailArn, provide the ARN for the CloudTrail you want to monitor.
    • For CloudAuditLogMonitoringCloudTrailSNSTopicArn, provide the ARN of the CloudTrail SNS topic.
    The monitored CloudTrail and CloudTrail SNS must be on the same account and located in the same region you selected for the template deployment.
    Do not change any other settings in the Parameters screen. CloudFormation automatically provides the settings for the parameters. Changing parameters might cause the stack update to fail.
  17. In the Configure stack options screen, click Next.
  18. In the Review screen, under the Capabilities section, select I acknowledge that AWS CloudFormation might create IAM resources.
  19. Click Submit.
    The Stack details screen appears with the Events tab open. The update process might take a few minutes. Click Refresh to check the progress.
  20. After the stack update completes, go back to the Trend Vision One console.
  21. Click Save Changes.
    The cloud account might show a Disconnected status if you do not click Save Changes after updating the stack.