For data sovereignty, deploy and host the Trend Micro Artifact Scanner in your AWS environment. Trend Vision One receives only scan results. For Trend-hosted configuration, see Configure Trend-hosted AI scan settings.

Procedure

  1. To configure a new AWS account:
    1. In the Trend Vision One console, go to Cloud Security > Cloud Accounts > AWS.
    2. Click Add Account.
    3. For Deployment Method, select CloudFormation.
    4. Select the account type:
      • Single AWS Account
      • AWS Organization
    5. Provide an Account name and Description to display in Cloud Accounts.
    6. Specify the Organizational Unit ID. When you add the AWS Organization, all member accounts without a specified alias in AWS receive an automatically generated name in Cloud Accounts.
  2. To update an existing AWS account:
    1. Click Update AWS account then click the account name.
    2. In Cloud Accounts Settings, click the Stack Update tab.
  3. Select the AWS region for CloudFormation template deployment.
  4. Select the Server & Workload Protection instance to associate with the account.
  5. To add custom tags to the resources deployed by Trend Vision One, select Resource tagging and specify the key-value pairs.
    • To add up to three tags, click Create a new tag.
  6. Click Next.
  7. Enable AI Application Security.
  8. Select the Deployment.
  9. Select Enable AI Scanner.
  10. In a new tab in the same browser session, sign in to the AWS account you want to connect using a role that has administrator privileges.
  11. For an existing AWS account:
    1. Under Update the CloudFormation template, click Copy S3 URL.
    2. To review the template before deploying, click Download and Review Template.
    3. Go to Stacks and click the stack name for the stack you want to update.
      • Vision-One-Cloud-Account-Management
    4. Click Update.
    5. Select Replace current template.
    6. Paste the template S3 URL into Amazon S3 URL.
    7. Click Next.
  12. For a new AWS account:
    1. Click Next.
    2. To use automated deployment:
      1. Select Automated for the deployment type.
      2. Click Launch stack to launch the CloudFormation template in the AWS console.
      3. Complete the steps in Quick Create Stack.
    3. To use manual deployment:
      1. Select Manual for the deployment type.
      2. Click Download the template and stack parameters as a .zip.
      3. Go to Stacks under CloudFormation.
      4. Create a new stack using the parameters in the .zip file.
  13. In the AWS management console, open the CloudFormation stack, then navigate to the Outputs tab and copy the ScannerAPIEndpoint. You need this endpoint to run the command for the self-hosted instance via the command-line interface (CLI) for the Trend Micro Artifact Scanner.
  14. In Trend Vision One, click Done.
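
The procedure lets you download and review the template before deploying it with an administrator role. As an added example (not Trend Micro's code), this Python script lists the items a reviewer usually checks first in a CloudFormation template: IAM trust principals, attached managed policies, and Allow statements with wildcard actions. It assumes the downloaded template is JSON; the sample template, its resource names and the account ID are constructed for illustration and do not reflect the vendor's template.

```python
import json

# Constructed sample (NOT the vendor's template); resource names are hypothetical.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "ExampleScannerRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {"Statement": [{
                "Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]},
            "ManagedPolicyArns": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
            "Policies": [{"PolicyName": "inline", "PolicyDocument": {"Statement": [
                {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
                {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}]}}]}},
    "ExampleBucket": {"Type": "AWS::S3::Bucket"}}})


def _as_list(value):
    """IAM JSON allows a single item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_template(template_text):
    """Return (resource, kind, detail) tuples for IAM items to inspect by hand."""
    findings = []
    for name, res in json.loads(template_text).get("Resources", {}).items():
        if not res.get("Type", "").startswith("AWS::IAM::"):
            continue
        props = res.get("Properties", {})
        # Trust policy: which principals may assume the role.
        for st in _as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement", [])):
            principal = st.get("Principal", {})
            items = principal.items() if isinstance(principal, dict) else [("Any", principal)]
            for kind, ids in items:
                findings += [(name, "trust", f"{kind}={i}") for i in _as_list(ids)]
        # Managed policies attached by ARN.
        findings += [(name, "managed-policy", str(a)) for a in props.get("ManagedPolicyArns", [])]
        # Inline and standalone policy documents: flag Allow statements with wildcard actions.
        docs = [p.get("PolicyDocument", {}) for p in props.get("Policies", [])]
        docs.append(props.get("PolicyDocument", {}))
        for doc in docs:
            for st in _as_list(doc.get("Statement", [])):
                for action in _as_list(st.get("Action", [])):
                    if st.get("Effect") == "Allow" and "*" in str(action):
                        findings.append((name, "wildcard-action", str(action)))
    return findings


if __name__ == "__main__":
    for finding in review_template(SAMPLE_TEMPLATE):
        print(*finding, sep="\t")
```

To review a real download, pass the file's contents to `review_template` and compare each trust principal and wildcard action against what you expect the integration to need.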