
Learn which VPC parameters you must provide to enable Cloud Account resource deployment in Amazon Virtual Private Cloud (VPC).

Procedure

  1. In the AWS Management Console, if you want to use a name other than the default, specify a new Stack name.
  2. In the Parameters section, configure the following parameters:
    1. VpcSubnetIDs: The subnet IDs for the VPC where the resources will be deployed. Provide a comma-separated list of subnet IDs in the same region where the CloudFormation template is deployed.
    2. VpcSecurityGroupIDs: The security group IDs for the VPC where the resources will be deployed. Provide a comma-separated list of security group IDs in the same region where the CloudFormation template is deployed.
    3. VpcProxy: The proxy URL for the VPC environment. This will be set as HTTP_PROXY and HTTPS_PROXY environment variables for Lambda functions.
    4. RegionalVpcSubnetIDs: The subnet IDs for the VPC where the resources will be deployed in each additional region.
      Provide a JSON string mapping regions to comma-separated lists of subnet IDs. For example: {"ap-northeast-2":"subnet-abc123,subnet-def456","us-east-1":"subnet-ghi789"}
    5. RegionalVpcSecurityGroupIDs: The security group IDs for the VPC where the resources will be deployed in each additional region.
      Provide a JSON string mapping regions to comma-separated lists of security group IDs. For example: {"ap-northeast-2":"sg-abc123,sg-def456","us-east-1":"sg-ghi789"}
    6. RegionalVpcProxy: The proxy URL for the VPC environment in each additional region.
      Provide a JSON string mapping regions to proxy URLs. For example: {"ap-northeast-2":"http://proxy-ap-northeast-2.example.com:8080","us-east-1":"http://proxy-us-east-1.example.com:8080"}
  3. In the Parameters section, configure the following parameters only if you have enabled Cloud Detections for AWS CloudTrail.
    • For CloudAuditLogMonitoringCloudTrailArn, provide the ARN for the CloudTrail you want to monitor.
    • For CloudAuditLogMonitoringCloudTrailSNSTopicArn, provide the ARN of the CloudTrail SNS topic.
      Important
      • The monitored CloudTrail and the CloudTrail SNS topic must be in the same account and in the same region selected for the template deployment.
  4. In the Capabilities section, select the following acknowledgments:
    • I acknowledge that AWS CloudFormation might create IAM resources with custom names.
    • I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
  5. Click Connect.
  6. In the Trend Vision One console, click Done.
    The account appears in Cloud Accounts once the CloudFormation template deployment successfully completes. Refresh the screen to update the table.
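A pre-deployment check for the three Regional* JSON parameters from step 2, as an added example that is not part of the original page or of Trend Micro's template. The function names are hypothetical, the ID patterns are deliberately loose so that the page's placeholder values pass, and the credential check is an added precaution based on the page's statement that the proxy URL is set as Lambda environment variables.

```python
import json
import re
from urllib.parse import urlsplit

REGION = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")

def id_list_checker(prefix):
    """Build a checker for a comma-separated list of `prefix`-<id> values."""
    # Loose shape so the page's placeholder IDs pass; real AWS IDs are hex.
    pattern = re.compile(rf"^{prefix}-[0-9a-z]+$")

    def check(value, where):
        return [f"{where}: {item!r} is not a {prefix}- ID"
                for item in value.split(",") if not pattern.match(item)]
    return check

def check_proxy(url, where):
    """Check a proxy URL that will become HTTP_PROXY/HTTPS_PROXY."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme not in ("http", "https") or not parts.hostname:
        problems.append(f"{where}: not an http(s) URL with a host")
    if parts.username or parts.password:
        # Environment variables are readable in the function configuration.
        problems.append(f"{where}: proxy URL embeds credentials")
    return problems

def check_regional(raw, name, check):
    """Parse a Regional* JSON string and run `check` on each region's value."""
    try:
        mapping = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"{name}: not valid JSON ({exc.msg})"]
    if not isinstance(mapping, dict):
        return [f"{name}: expected a JSON object keyed by region"]
    problems = []
    for region, value in mapping.items():
        where = f"{name}[{region}]"
        if not REGION.match(region):
            problems.append(f"{where}: key does not look like a region name")
        if isinstance(value, str):
            problems.extend(check(value, where))
        else:
            problems.append(f"{where}: value must be a string")
    return problems

if __name__ == "__main__":  # constructed input: stray space, sg ID among subnets
    print(check_regional('{"us-east-1":"subnet-abc123, sg-def456"}',
                         "RegionalVpcSubnetIDs", id_list_checker("subnet")))
```

An empty list means the value has the shape the procedure describes; it does not confirm that the subnets or security groups exist in that region.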