Connect an AWS account in one of the supported China regions (cn-north-1 or cn-northwest-1) to Cloud Accounts using CloudFormation deployment.
AWS accounts in China regions require a different connection process than accounts
in other AWS regions. China region accounts must use single account deployment with
CloudFormation (Terraform deployment is not supported). AWS China regions (cn-north-1,
cn-northwest-1) operate as a separate partition, isolated from standard AWS regions.
Before you begin, review the region limitations for connecting an AWS account to Cloud Accounts.
Procedure
- Sign in to TrendAI Vision One™.
- Go to .
- Click Add Account.
- On the Deployment Method screen, select CloudFormation.

  Note
  Terraform deployment is not supported for AWS China regions.
- Select Single AWS account.

  Note
  AWS Organizations deployment is not supported for AWS China regions.
- Click Next.
- On the General Information screen, specify the following:
  - Account Name: Enter a name for this connection
  - Description (optional): Enter a description
  - Region: Select one of the supported China regions:
    - cn-north-1 (Beijing)
    - cn-northwest-1 (Ningxia)

  Note
  When you select a China region for deployment, Server & Workload Protection scanning regions will be limited to cn-northwest-1.
- Click Next.
- On the Features and Permissions screen, select the features you want to enable for
  this account. The following features are supported in AWS China regions:
  - Core features
  - Cyber Risk Exposure Management - Cloud account assessment
  - Real-Time Posture Monitoring
  - Agentless Vulnerability and Threat Detection
  - Cloud Detections for VPC Flow Logs
  - Container Protection for Amazon ECS

  Note
  Features that do not support China regions will be disabled and cannot be enabled.
- Click Next.
- On the Launch screen, click Launch Stack to open the AWS CloudFormation console in a new tab.
- In the AWS CloudFormation console, complete the steps in the Quick Create Stack screen.
- If you want to use a name other than the default, specify a new Stack name.
- In the Parameters section, configure the following parameter as needed.
  - For IamPermissionsBoundaryArn, provide the ARN of an IAM permissions boundary policy to apply to all IAM roles created by the stack. This parameter is optional. If specified, the permissions boundary is applied to IAM roles used by the following feature:
    - Core features

    The IAM policy associated with the IamPermissionsBoundaryArn must include the minimum permissions required by Core features. If the boundary policy does not include the required permissions, the stack deployment or feature operations may fail. For more information, see AWS required permissions.

  Important
  Do not change any other settings in the Parameters section unless instructed. CloudFormation automatically provides the settings for the remaining parameters. Changing parameters might cause stack creation to fail.
- In the Capabilities section, select the following acknowledgments:
  - I acknowledge that AWS CloudFormation might create IAM resources with custom names.
  - I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
- Click Create Stack. The Stack details screen for the new stack appears with the Events tab displayed. Creation might take a few minutes. Click Refresh to check the progress.
- After the stack deployment completes successfully, return to the TrendAI Vision One™ console and click Done. The AWS account appears in Cloud Accounts with the selected features enabled. It can take a few minutes for the AWS account to appear.
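
The IamPermissionsBoundaryArn step can be checked before you launch the stack. The following is an added example, not code from the product or its documentation: it confirms that the ARN is an IAM managed policy in the China partition and lists the required actions that a boundary policy document does not allow. It assumes the partition identifier aws-cn; the function names, the sample boundary policy, and the sample action list are constructed for illustration, so take the real action list from AWS required permissions.

```python
import fnmatch
import re

# IAM managed-policy ARN in the China partition (partition id "aws-cn").
CN_POLICY_ARN = re.compile(r"^arn:aws-cn:iam::\d{12}:policy/[\w+=,.@/-]+$")

def is_china_policy_arn(arn):
    """True if arn names an IAM managed policy in the aws-cn partition."""
    return bool(CN_POLICY_ARN.match(arn))

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive; "*" and "?" are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _applies(stmt, action):
    if "Action" in stmt:
        return _matches(action, _as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not _matches(action, _as_list(stmt["NotAction"]))
    return False

def uncovered_actions(boundary_policy, required_actions):
    """Return required actions the boundary does not allow or explicitly denies."""
    # Resource and Condition are ignored: a scoped Deny is reported as a blocker.
    statements = _as_list(boundary_policy.get("Statement", []))
    missing = []
    for action in required_actions:
        effects = {s.get("Effect") for s in statements if _applies(s, action)}
        if "Deny" in effects or "Allow" not in effects:
            missing.append(action)
    return missing

# Constructed sample data: NOT the vendor's required-permissions list.
SAMPLE_BOUNDARY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "iam:Get*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:GetAccountSummary", "Resource": "*"},
    ],
}
SAMPLE_REQUIRED = ["ec2:DescribeInstances", "iam:GetRole",
                   "iam:GetAccountSummary", "logs:DescribeLogGroups"]

if __name__ == "__main__":
    print(uncovered_actions(SAMPLE_BOUNDARY, SAMPLE_REQUIRED))
```

An empty result means every listed action is allowed by the boundary. Any action returned should be added to the boundary policy before you click Create Stack.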
